Add Falco Rule/Macro/List validation at terraform validation #51
Comments
Hi @ukitazume, thanks for the feedback. Unfortunately, there are some limitations to keep in mind:
One approach that could be followed is creating all the rules, with macros and lists, in a file, then validating this file, and then migrating them to Terraform.
Thank you for the comment @tembleking. In the future, I hope Falco has a validation library independently, as a module/library of golang, that runs on the Terraform providers. As you mentioned, it's hard to validate rules/macros/lists that include dependencies with creating/updating/deleting actions. So it should be easy, imperfect validation. But it's better than being without it. At this time, I think applying to a test environment is a workaround before applying to production.
Closing this issue since this cannot be implemented yet.
Writing Falco rules in a Terraform file is hard without validation.
It's useful to validate Falco rules before terraform apply/plan by terraform validate.
https://www.terraform.io/docs/extend/schemas/schema-behaviors.html#validatefunc
falcosecurity/falco#322