From 27a9c0d3841fe9521ceeb100f02c5595dcc902f7 Mon Sep 17 00:00:00 2001 From: Taylor Date: Wed, 21 May 2025 21:17:18 -0700 Subject: [PATCH 1/2] Fix CKV2_AWS_52 --- .../aws/OpenSearchDomainHasFineGrainedControl.yaml | 2 +- .../OpenSearchDomainHasFineGrainedControl/expected.yaml | 2 +- .../OpenSearchDomainHasFineGrainedControl/main.tf | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/checkov/terraform/checks/graph_checks/aws/OpenSearchDomainHasFineGrainedControl.yaml b/checkov/terraform/checks/graph_checks/aws/OpenSearchDomainHasFineGrainedControl.yaml index fa8ac74517..1a9f9f9c1a 100644 --- a/checkov/terraform/checks/graph_checks/aws/OpenSearchDomainHasFineGrainedControl.yaml +++ b/checkov/terraform/checks/graph_checks/aws/OpenSearchDomainHasFineGrainedControl.yaml @@ -3,7 +3,7 @@ metadata: name: "Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled" category: "IAM" definition: - and: + or: - cond_type: "attribute" resource_types: - "aws_opensearch_domain" diff --git a/tests/terraform/graph/checks/resources/OpenSearchDomainHasFineGrainedControl/expected.yaml b/tests/terraform/graph/checks/resources/OpenSearchDomainHasFineGrainedControl/expected.yaml index b04b2c4b1b..78341a8551 100644 --- a/tests/terraform/graph/checks/resources/OpenSearchDomainHasFineGrainedControl/expected.yaml +++ b/tests/terraform/graph/checks/resources/OpenSearchDomainHasFineGrainedControl/expected.yaml @@ -1,8 +1,8 @@ pass: - "aws_elasticsearch_domain.es_pass" - "aws_opensearch_domain.os_pass" + - "aws_opensearch_domain.os_pass1" fail: - - "aws_opensearch_domain.os_fail_1" - "aws_opensearch_domain.os_fail_2" - "aws_elasticsearch_domain.es_fail_2" - "aws_elasticsearch_domain.es_fail_1" diff --git a/tests/terraform/graph/checks/resources/OpenSearchDomainHasFineGrainedControl/main.tf b/tests/terraform/graph/checks/resources/OpenSearchDomainHasFineGrainedControl/main.tf index fcc3ba8aa5..11604c8999 100644 
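Review bot: Switching the top-level operator to `or:` lets a domain pass when any single condition holds, so a resource with fine-grained access control turned off can still satisfy a check whose name says it is enabled. The same patch shows this in main.tf: the `es_pass` hunk (`@@ -164,7 +164,7 @@`) sets `enabled = false` next to `internal_user_database_enabled = true` and `anonymous_auth_enabled = true`, and that resource stays in the `pass` list of expected.yaml. The conditions after the first one lie outside this hunk, so the exact attributes are inferred from the fixtures. If the aim is to accept domains that do not use the internal user database, keep `and:` at the top level with the condition on `advanced_security_options.enabled` (presumably one of the listed conditions) mandatory, and put only the alternative conditions under a nested `or:`.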
--- a/tests/terraform/graph/checks/resources/OpenSearchDomainHasFineGrainedControl/main.tf +++ b/tests/terraform/graph/checks/resources/OpenSearchDomainHasFineGrainedControl/main.tf @@ -1,4 +1,4 @@ -resource "aws_opensearch_domain" "os_fail_1" { +resource "aws_opensearch_domain" "os_pass1" { domain_name = "ggkitty" engine_version = "Elasticsearch_7.1" @@ -44,7 +44,7 @@ resource "aws_opensearch_domain" "os_fail_2" { } advanced_security_options { - enabled = true + enabled = false anonymous_auth_enabled = true internal_user_database_enabled = false master_user_options { @@ -118,7 +118,7 @@ resource "aws_elasticsearch_domain" "es_fail_1" { } advanced_security_options { - enabled = true + enabled = false anonymous_auth_enabled = true internal_user_database_enabled = false master_user_options { @@ -164,7 +164,7 @@ resource "aws_elasticsearch_domain" "es_pass" { } advanced_security_options { - enabled = true + enabled = false anonymous_auth_enabled = true internal_user_database_enabled = true master_user_options { From 00bd1faaa3a5b34b376ac1105438acd8e33decc3 Mon Sep 17 00:00:00 2001 From: Taylor Date: Wed, 21 May 2025 23:20:47 -0700 Subject: [PATCH 2/2] Fix conda --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 54b5c571ef..98d74ecf6e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -64,7 +64,7 @@ Results will appear under [actions](https://github.com/bridgecrewio/checkov/acti To run tests locally use the following commands (install dev dependencies, run tests and compute tests coverage): If you are using conda, create a new environment with Python 3.10.14 version: ```sh -conda create -n python310 --m python=Python 3.10.14 +conda create -n python310 python=3.10.17 conda activate python310 ``` Then, we need pipenv installation and run the tests and coverage modules
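Review bot: The three `enabled = true` to `enabled = false` edits (`os_fail_2`, `es_fail_1`, `es_pass`) rewrite existing fixtures to fit the new operator, so the expected.yaml diff no longer shows which configurations changed verdict. Leaving those resource bodies as they were and adding new resources for the new cases would make the behaviour change reviewable. A dedicated fixture with `enabled = false` and `internal_user_database_enabled = true` listed under `fail` would then pin the case that `es_pass` now covers. The renamed `os_pass1` also drops the underscore used by `os_fail_2` and `es_fail_1`; `os_pass_1` would match, with the same name in expected.yaml. All resource bodies continue outside the hunks shown.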