Merge pull request #5 from CAR6807/patch-1

Added exception check for resources
stelligent · Oct 4, 2018 · 772c28f · 772c28f
2 parents df10fd8 + 0ef831a
commit 772c28f
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 5 deletions.
diff --git a/cli/app.go b/cli/app.go
@@ -147,18 +147,25 @@ func addExceptionsToRuleSet(ruleSet assertion.RuleSet, exceptions []RuleExceptio
 	rules := []assertion.Rule{}
 	for _, rule := range ruleSet.Rules {
 		for _, e := range exceptions {
-			if rule.ID == e.RuleID &&
-				rule.Resource == e.ResourceType &&
-				(rule.Category == e.ResourceCategory || rule.Category == "") {
-				rule.Except = append(rule.Except, e.ResourceID)
-			}
+			if resourceMatch(rule, e) &&
+			    rule.ID == e.RuleID &&
+					   (rule.Category == e.ResourceCategory || e.ResourceCategory == "resources" || rule.Category == "") {
+										rule.Except = append(rule.Except, e.ResourceID)
+					}
 		}
 		rules = append(rules, rule)
 	}
 	ruleSet.Rules = rules
 	return ruleSet
 }
 
+func resourceMatch(rule assertion.Rule, exception RuleException) bool {
+	if (assertion.SliceContains(rule.Resources, exception.ResourceType) || rule.Resource == exception.ResourceType) {
+		return true
+	}
+	return false
+}
+
 func validateRules(filenames []string, w ReportWriter) int {
 	builtInRuleSet, err := loadBuiltInRuleSet("assets/lint-rules.yml")
 	if err != nil {

diff --git a/cli/app_test.go b/cli/app_test.go
@@ -188,3 +188,42 @@ func TestValidateRules(t *testing.T) {
 	validateRules(filenames, w)
 	assert.Empty(t, w.Report.Violations, "Expecting empty report for validateRules")
 }
+
+func TestResourceMatch(t *testing.T) {
+	testRule := []assertion.Rule{
+		{
+			ID:        "RULE_1",
+			Category:  "resource",
+			Resources: []string{"aws_instance", "aws_s3_bucket"},
+		},
+		{
+			ID:       "RULE_2",
+			Category: "resource",
+			Resource: "aws_s3_bucket",
+		},
+	}
+	profileExceptions := []RuleException{
+		{
+			RuleID:           "RULE_1",
+			ResourceCategory: "resource",
+			ResourceType:     "aws_instance",
+			Comments:         "Testing",
+			ResourceID:       "my-special-resource",
+		},
+		{
+			RuleID:           "RULE_2",
+			ResourceCategory: "resources",
+			ResourceType:     "aws_s3_bucket",
+			Comments:         "Testing",
+			ResourceID:       "my-special-bucket",
+		},
+	}
+
+	if !resourceMatch(testRule[0], profileExceptions[0]) {
+		t.Errorf("Expecting exception resource to be found in rule resources")
+	}
+	if !resourceMatch(testRule[1], profileExceptions[1]) {
+		t.Errorf("Expecting one to one match with exception resource and rule resource")
+	}
+
+}