feat: ignoring the slack lambda if configuration not complete (#21)

appvia · Jun 13, 2024 · a291715 · a291715
1 parent 31eb9f8
commit a291715
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 9 deletions.
diff --git a/.trivyignore b/.trivyignore
@@ -1 +1,5 @@
 AVD-AWS-0057
+AVD-DS-0015 # (Dockerfile) Purge Yum Package Cache - https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0015/
+AVD-DS-0002 # (Dockerfile) Least Privilege User - https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0002/
+AVD-DS-0026 # (Dockerfile) No Healthcheck - https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0026/
+AVD-DS-0013 # (Dockerfile) Use Workdir Over Cd - https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0013/
diff --git a/Makefile b/Makefile
@@ -1,6 +1,4 @@
 #
-# Copyright (C) 2024  Appvia Ltd <[email protected]>
-#  
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
@@ -14,22 +12,22 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
-AUTHOR_EMAIL[email protected]
-
-.PHONY: all security lint format documentation documentation-examples validate-all validate validate-examples init examples
+.PHONY: all security lint format documentation documentation-examples validate-all validate validate-examples init examples tests
 
 default: all
 
 all: 
 	$(MAKE) init
 	$(MAKE) validate
+	$(MAKE) tests
 	$(MAKE) lint
 	$(MAKE) security
 	$(MAKE) format
 	$(MAKE) documentation
 
 examples:
 	$(MAKE) validate-examples
+	$(MAKE) tests
 	$(MAKE) lint-examples
 	$(MAKE) lint
 	$(MAKE) security
@@ -69,7 +67,7 @@ security-modules:
 	@if [ -d modules ]; then \
 		find modules -type d -mindepth 1 -maxdepth 1 | while read -r dir; do \
 			echo "--> Validating $$dir"; \
-			trivy config $$dir; \
+			trivy config  --format table --exit-code  1 --severity  CRITICAL,HIGH --ignorefile .trivyignore $$dir; \
 		done; \
 	fi
 
@@ -78,10 +76,14 @@ security-examples:
 	@if [ -d examples ]; then \
 		find examples -type d -mindepth 1 -maxdepth 1 | while read -r dir; do \
 			echo "--> Validating $$dir"; \
-			trivy config $$dir; \
+			trivy config  --format table --exit-code  1 --severity  CRITICAL,HIGH --ignorefile .trivyignore $$dir; \
 		done; \
 	fi
 
+tests: 
+	@echo "--> Running Terraform Tests" 
+	@terraform test
+
 validate:
 	@echo "--> Running terraform validate"
 	@terraform init -backend=false

diff --git a/locals.tf b/locals.tf
@@ -15,13 +15,15 @@ locals {
   sns_topic_policy = var.sns_topic_policy != null ? var.sns_topic_policy : data.aws_iam_policy_document.current.json
 
   ## Indicates if we are enabling slack notifications 
-  enable_slack = var.slack != null ? true : false
+  enable_slack_config = var.slack != null ? true : false
   ## Indicates if we are looking up the slack secret 
-  enable_slack_secret = local.enable_slack && try(var.slack.secret_name, null) != null ? true : false
+  enable_slack_secret = local.enable_slack_config && try(var.slack.secret_name, null) != null ? true : false
   ## The webhook url for slack 
   slack_webhook_url = local.enable_slack_secret ? try(jsondecode(data.aws_secretsmanager_secret_version.slack[0].secret_string)["webhook_url"], var.slack.webhook_url) : try(var.slack.webhook_url, null)
   ## The slack channel to post to 
   slack_channel = local.enable_slack_secret ? try(jsondecode(data.aws_secretsmanager_secret_version.slack[0].secret_string)["channel"], var.slack.channel) : try(var.slack.channel, null)
   ## slack_username to use  
   slack_username = local.enable_slack_secret ? try(jsondecode(data.aws_secretsmanager_secret_version.slack[0].secret_string)["username"], var.slack.username) : try(var.slack.username, null)
+  ## Indicates slack has all the configuration needed 
+  enable_slack = local.enable_slack_config && local.slack_channel != null && local.slack_webhook_url != null
 }