terrascan pre-commit hook reports false positive alert

I need some assistance with terrascan and pre-commit hook.
terrascan reports "failed" even though there is no policy violation?
terrascan................................................................Failed
- hook id: terrascan
- exit code: 4
Scan Summary -
File/Folder : /azure_modules/terraform-azurerm-acr
IaC Type : terraform
Scanned At : 2021-10-04 07:42:02.6301449 +0000 UTC
Policies Validated : 1
Violated Policies : 0
Low : 0
Medium : 0
High : 0
Scan Summary -
File/Folder : /azure_modules/terraform-azurerm-acr/examples
IaC Type : terraform
Scanned At : 2021-10-04 07:42:02.635467 +0000 UTC
Policies Validated : 1
Violated Policies : 0
Low : 0
Medium : 0
High : 0
Scan Summary -
File/Folder : /azure_modules/terraform-azurerm-acr
IaC Type : terraform
Scanned At : 2021-10-04 07:42:02.6844968 +0000 UTC
Policies Validated : 1
Violated Policies : 0
Low : 0
Medium : 0
High : 0
Scan Summary -
File/Folder : /mnt/c/azure_modules/terraform-azurerm-acr
IaC Type : terraform
Scanned At : 2021-10-04 07:42:02.6743944 +0000 UTC
Policies Validated : 1
Violated Policies : 0
Low : 0
Medium : 0
High : 0
My pre-commit YAML file is as follows:
cat .pre-commit-config.yaml
repos:
  - repo: https://github.com/gruntwork-io/pre-commit
    rev: v0.1.14
    hooks:
      - id: tflint
        args:
          - "--module"
          - "--config=.tflint.hcl"
      - id: terraform-validate
      - id: terraform-fmt
      - id: markdown-link-check
  - repo: git://github.com/antonbabenko/pre-commit-terraform
    rev: v1.51.0
    hooks:
      - id: terraform_tfsec
      - id: terraform_docs
      - id: checkov
      - id: terrascan
How can I get this resolved?

The following code works perfectly fine.
Issue: terrascan scans all your directories for terraform files, so if it does not find any terraform file in a directory it reports that as an error.
repos:
  - repo: https://github.com/gruntwork-io/pre-commit
    rev: v0.1.14
    hooks:
      - id: tflint
        args:
          - "--module"
          - "--config=.tflint.hcl"
      - id: terraform-validate
      - id: terraform-fmt
      - id: markdown-link-check
  - repo: git://github.com/antonbabenko/pre-commit-terraform
    rev: v1.52.0
    hooks:
      - id: terraform_tfsec
      - id: terraform_docs
      - id: checkov
      # - id: terrascan
  - repo: https://github.com/accurics/terrascan
    rev: v1.10.0
    hooks:
      - id: terraform-pre-commit
        args: [ '-i terraform --non-recursive examples/docs/']
Note: I have added --non-recursive and added examples/docs to tell terrascan not to scan that directory, as it has no terraform file(s).
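As an added example (not part of the original question or answer, and not terrascan's own code), the shell script below shows the other way to keep the hook from failing on folders that hold no Terraform: enumerate only the directories that actually contain .tf files, optionally skipping a named subtree, and run terrascan on each of them with --non-recursive, so the exit code reflects policy results rather than "no files found". The function names tf_dirs and scan_tf_dirs and the examples/docs layout are assumptions of this example; the scan subcommand's -i, -d and --non-recursive flags are terrascan's own.

```shell
#!/usr/bin/env sh
# Added example, not from the original post or from the terrascan project.
# Assumes: terrascan is on PATH when scan_tf_dirs is run for real; the
# excluded path (examples/docs) mirrors the poster's layout and is only an
# illustration.
set -eu

# tf_dirs ROOT [EXCLUDE ...]
# Print every directory under ROOT that directly contains at least one *.tf
# file, one per line, sorted and de-duplicated. Any EXCLUDE argument is a
# path relative to ROOT; that directory and everything beneath it is skipped.
tf_dirs() {
  root="$1"
  shift
  # -exec dirname is POSIX and, unlike xargs, runs nothing when no file matches
  find "$root" -type f -name '*.tf' -exec dirname {} \; \
    | sort -u \
    | while IFS= read -r dir; do
        skip=0
        for ex in "$@"; do
          case "$dir" in
            "$root/$ex"|"$root/$ex"/*) skip=1 ;;
          esac
        done
        [ "$skip" -eq 1 ] || printf '%s\n' "$dir"
      done
}

# scan_tf_dirs ROOT [EXCLUDE ...]
# Run terrascan once per Terraform directory, non-recursively, and return the
# last non-zero terrascan exit code (0 when every directory passed). A folder
# without .tf files is never passed to terrascan, so it cannot trip the hook.
scan_tf_dirs() {
  root="$1"
  shift
  tf_dirs "$root" "$@" | {
    rc=0
    while IFS= read -r dir; do
      terrascan scan -i terraform --non-recursive -d "$dir" || rc=$?
    done
    exit "$rc"
  }
}

# Typical pre-commit usage from the repository root (uncomment to run):
# scan_tf_dirs . examples/docs
```

Wiring this script in as a local pre-commit hook (language: script) keeps the upstream terrascan hook's per-directory behaviour but makes the directory selection explicit in the repository, which is easier to review than a flag string inside args.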

Related

Build pipeline name is not displayed as expected

I have this pipeline file:
# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
  branches:
    include:
      - main
      - issues*
      - tasks*
  paths:
    exclude:
      - documentation/*
      - Readme.md

variables:
  - name: majorVersion
    value: 1
  - name: minorVersion
    value: 0
  - name: revision
    value: $[counter(variables['minorVersion'],0)]
  - name: buildVersion
    value: $(majorVersion).$(minorVersion).$(revision)

name: $(buildVersion)
I expect the pipeline name to be 1.0.0, but instead it is the literal string $(majorVersion).$(minorVersion).$(revision). Where did I get the formatting wrong?

YAML Azure Pipelines - Loops with Conditional Jobs

I have the following YAML pipeline that I cannot seem to get working based on the conditional values.
parameters:
  - name: "workloads"
    type: object
    default:
      wkld001: update
      wkld002: "delete"
      wkld003: "update"
      wkld004: "update"
      wkld005: "update"
      wkld006: "update"
  - name: "environment"
    type: string
    values:
      - prd
      - dev
  - name: "landing_zone"
    type: string
    values:
      - private
      - integration

stages:
  - stage:
    jobs:
      - job: create_params
        steps:
          - powershell: |
              write-host "test"
      - ${{ each item in parameters.workloads }}:
        - ${{ if eq(parameters.workloads[item.key].value, 'update') }}:
          - job: "${{ item.key }}"
            dependsOn: create_params
            steps:
              - powershell: |
                  write-host "testing loop - ${{ item.value }}"
What I want to do is have a specific command run based on the value set for each entry in the workload map.
When I run the above, no conditions are met, so only the pre-job runs.
The expected behaviour is that the loop runs and the right job is spawned based on the map conditions.
The example only shows the "update" condition; I plan to have a few more.
I got there in the end with this.
pool:
  name: "UOLUKSSHPOOL01"

parameters:
  - name: "workloads"
    type: object
    default:
      wkld001: update
      wkld002: "delete"
      wkld003: "update"
      wkld004: "update"
      wkld005: "update"
      wkld006: "update"
  - name: "environment"
    type: string
    values:
      - prd
      - dev
  - name: "landing_zone"
    type: string
    values:
      - private
      - integration

stages:
  - stage:
    jobs:
      - job: create_params
        steps:
          - powershell: |
              write-host "test"
      - ${{ each item in parameters.workloads }}:
        - ${{ if eq(item.value, 'update') }}:
          - job: "${{ item.key }}"
            condition:
            dependsOn: create_params
            steps:
              - powershell: |
                  write-host "testing loop - ${{ item.value }}"

Is it possible to achieve such a refactor in YAML

I'm working on a Concourse pipeline and I need to duplicate a lot of code in my YAML, so I'm trying to refactor it so it is easily maintainable and I don't end up with thousands of duplicated lines/blocks.
I have arrived at the following YAML file, following what seems to be the way to go, but it doesn't fulfil all my needs.
add-rotm-points: &add-rotm-points
  task: add-rotm-points
  config:
    platform: linux
    image_resource:
      type: docker-image
      source:
        repository: ((registre))/polygone/concourse/cf-cli-python3
        tag: 0.0.1
        insecure_registries: [ ((registre)) ]
    run:
      path: source-pipeline/commun/rotm/trigger-rotm.sh
      args: [ "source-pipeline", "source-code-x" ]
    inputs:
      - name: source-pipeline
      - name: source-code-x

jobs:
  - name: test-a
    plan:
      - in_parallel:
          - get: source-pipeline
          - get: source-code-a
            trigger: true
      - <<: *add-rotm-points
  - name: test-b
    plan:
      - in_parallel:
          - get: source-pipeline
          - get: source-code-b
            trigger: true
      - <<: *add-rotm-points
My problem is that both my jobs use the generic task defined at the top, but in the generic task I need to change source-code-x to the -a or -b version I use in each job.
I cannot find a way to achieve this without duplicating my anchor in every job, and that seems counterproductive. But I may not have fully understood YAML anchors/merges.
All you need to do is map inputs on individual tasks, like this:
add-rotm-points: &add-rotm-points
  task: add-rotm-points
  config:
    platform: linux
    image_resource:
      type: docker-image
      source:
        repository: ((registre))/polygone/concourse/cf-cli-python3
        tag: 0.0.1
        insecure_registries: [ ((registre)) ]
    run:
      path: source-pipeline/commun/rotm/trigger-rotm.sh
      args: [ "source-pipeline", "source-code-x" ]
    inputs:
      - name: source-pipeline
      - name: source-code-x

jobs:
  - name: test-a
    plan:
      - in_parallel:
          - get: source-pipeline
          - get: source-code-a
            trigger: true
      - <<: *add-rotm-points
        input_mapping:
          source-code-x: source-code-a
  - name: test-b
    plan:
      - in_parallel:
          - get: source-pipeline
          - get: source-code-b
            trigger: true
      - <<: *add-rotm-points
        input_mapping:
          source-code-x: source-code-b
See Example Three in this blog: https://blog.concourse-ci.org/introduction-to-task-inputs-and-outputs/

How can I act on the last created node in my jelastic installation manifest?

I have the following jps manifest:
jpsVersion: 1.3
jpsType: update
application:
  id: test
  name: Test
  version: 0.0
  onInstall:
    - addNodes:
        - nodeType: docker
          count: 1
          fixedCloudlets: 1
          cloudlets: 16
          dockerName: gitlab/gitlab-runner
  onAfterAddNode:
    - installDocker
  actions:
    installDocker:
      - cmd:
          - myDockerInstallScript.sh
My problem is that the onAfterAddNode actions are not called, even though the node was added successfully. What am I doing wrong? How can I guarantee the commands will be run on the added node only?
EDIT
My use case is the following: I have created an environment a while ago, which I would like to add new nodes to. Therefore, I need to update that environment with the addition of new nodes and with some installation steps on those new nodes.
If you need to perform an action only in a newly created node, then you can do it like this:
jpsVersion: 1.3
jpsType: update
application:
  id: test
  name: Test
  version: 0.0
  onInstall:
    - addNodes:
        nodeType: docker
        count: 1
        nodeGroup: runner
        fixedCloudlets: 1
        cloudlets: 16
        dockerName: gitlab/gitlab-runner
    - installDocker: ${nodes.runner.last.id}
  actions:
    installDocker:
      - cmd [${this}]:
          - myDockerInstallScript.sh
Also, thanks for the comment about the documentation, we have updated it: https://docs.cloudscripting.com/creating-manifest/actions/#addnodes
The execution of other events in the environment occurs only after the successful completion of the onInstall event. The onAfterAddNode event will run the next time a node is added. Here you can see the sequence of events. If you just need to call the action during installation, then you need to do this in onInstall:
Example:
jpsVersion: 1.3
jpsType: update
application:
  id: test
  name: Test
  version: 0.0
  onInstall:
    - addNodes:
        - nodeType: docker
          count: 1
          fixedCloudlets: 1
          cloudlets: 16
          dockerName: gitlab/gitlab-runner
    - installDocker
  actions:
    installDocker:
      - cmd:
          - myDockerInstallScript.sh
If it is necessary that a certain action is also performed each time a node is added to the topology of the environment, then you can do it this way:
jpsVersion: 1.3
jpsType: update
application:
  id: test
  name: Test
  version: 0.0
  onInstall:
    - addNodes:
        - nodeType: docker
          count: 1
          nodeGroup: runner
          fixedCloudlets: 1
          cloudlets: 16
          dockerName: gitlab/gitlab-runner
    - installDocker
  onAfterAddNode [runner]:
    - installDocker
  actions:
    installDocker:
      - cmd [runner]:
          - myDockerInstallScript.sh
If you want a specific action to be performed after scaling the entire layer, then you can do it this way:
jpsVersion: 1.3
jpsType: update
application:
  id: test
  name: Test
  version: 0.0
  onInstall:
    - addNodes:
        - nodeType: docker
          count: 1
          nodeGroup: runner
          fixedCloudlets: 1
          cloudlets: 16
          dockerName: gitlab/gitlab-runner
    - installDocker
  onAfterScaleOut [runner]:
    forEach(event.response.nodes):
      installDocker: ${#i.id}
  actions:
    installDocker:
      - cmd [${this}]:
          - myDockerInstallScript.sh

cannot create transaction block : cannot define a new channel in configtxgen

This question has already been asked (source); as that question is 10 months old and there are newer versions of Fabric, I'm reposting it.
For the following YAML file:
Organizations:
  - &Smartforce
    Name: SmartforceMSP
    ID: SmartforceMSP
    MSPDir: /home/falcon/dev-iq-smartforce/crypto-config/ordererOrganizations/smartforce.com/msp
  - &BusinessPartner1
    Name: FalconMSP
    ID: FalconMSP
    MSPDir: /home/falcon/dev-iq-smartforce/crypto-config/peerOrganizations/falcon.com/msp
    AnchorPeers:
      - Host: localhost
        Port: 7051
  - &BusinessPartner2
    Name: FrostMSP
    ID: FrostMSP
    MSPDir: /home/falcon/dev-iq-smartforce/crypto-config/peerOrganizations/frost.com/msp
    AnchorPeers:
      - Host: localhost
        Port: 8051

# Configuration for the Orderer
Orderer: &OrdererDefaults #SampleInsecureSolo
  OrdererType: solo
  Addresses:
    - localhost:7050
  # Batch Timeout: The amount of time to wait before creating a batch
  BatchTimeout: 2s
  # Batch Size: Controls the number of messages batched into a block
  BatchSize:
    MaxMessageCount: 10
    AbsoluteMaxBytes: 98 MB
    PreferredMaxBytes: 512 KB

Application: &ApplicationDefaults
  Organizations:

Channel: &ChannelDefaults

Profiles:
  TwoPartnerGenesis:
    Orderer:
      <<: *OrdererDefaults
      Organizations:
        - *Smartforce
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - <<: *BusinessPartner1
        - <<: *BusinessPartner2
    Consortiums:
      TwoPartnerConsortium:
        Organizations:
          - *BusinessPartner1
          - *BusinessPartner2
  TwoOrgChannel:
    Consortium: TwoPartnerConsortium
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - <<: *BusinessPartner1
        - <<: *BusinessPartner2
The result for the following command:
Input:
configtxgen -outputCreateChannelTx ./TwoOrgChannel.tx -profile TwoPartnerGenesis -channelID channel01
Output:
configtxgen -outputCreateChannelTx ./TwoOrgChannel.tx -profile TwoPartnerGenesis -channelID channel01
2018-12-20 12:30:29.818 IST [common/tools/configtxgen] main -> INFO 001 Loading configuration
2018-12-20 12:30:29.824 IST [common/tools/configtxgen] doOutputChannelCreateTx -> INFO 002 Generating new channel configtx
2018-12-20 12:30:29.824 IST [common/tools/configtxgen] main -> CRIT 003 Error on outputChannelCreateTx: config update generation failure: cannot define a new channel with no Consortium value
Can anyone please help me identify the error?
Thanks in advance.
Try this:
configtxgen -outputCreateChannelTx ./TwoOrgChannel.tx -profile TwoOrgChannel -channelID channel01
I think you selected the wrong profile to create the channel transaction.
