diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0c53d1c..9d77ca8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.0-beta.4] - 2023-10-26
+
+### Added
+- `terraform_plan/direct_dependencies`: Added option `references_to` and `referenced_by` to make sure whether the resource is referenced by or references to the given resource (e.g. `references_to: "aws_security_group"`)
+
 ## [1.0.0-beta.3] - 2023-07-20
 
 ### Fixed
diff --git a/README.md b/README.md
index 2444d14..54dabeb 100644
--- a/README.md
+++ b/README.md
@@ -151,7 +151,7 @@ optional arguments:
 }
 ```
 
-4. Make sure that AWS ELBs are attached to security group (using Terraform plan provider)
+4. Make sure that all AWS ELBs are attached to security group (using Terraform plan provider)
 ```json
 {
 "meta": {
@@ -164,11 +164,12 @@ optional arguments:
 "provider_args": {
 "operation_type": "direct_references",
 "terraform_resource_type": "aws_elb"
+ "references_to": "aws_security_group"
 },
 "condition": {
- "type": "Contains",
- "value": "aws_security_group",
- "error_tolerance": 2
+ "type": "Equals",
+ "value": true,
+ "error_tolerance": 0
 }
 }
 ],
@@ -176,7 +177,34 @@ optional arguments:
 }
 ```
 
-5. Kubernetes (using Kubernetes provider)
+5. Make sure that all `aws_s3_bucket` are referenced by `aws_s3_bucket_intelligent_tiering_configuration` (using Terraform plan provider)
+```json
+{
+ "meta": {
+ "required_provider": "stackguardian/terraform_plan",
+ "version": "v1"
+ },
+ "evaluators": [
+ {
+ "id": "s3HasLifeCycleIntelligentTiering",
+ "description": "Make sure all aws_s3_bucket are referenced by aws_s3_bucket_intelligent_tiering_configuration",
+ "provider_args": {
+ "operation_type": "direct_references",
+ "terraform_resource_type": "aws_s3_bucket",
+ "referenced_by": "aws_s3_bucket_intelligent_tiering_configuration"
+ },
+ "condition": {
+ "type": "Equals",
+ "value": true,
+ "error_tolerance": 0
+ }
+ }
+ ],
+ "eval_expression": "s3HasLifeCycleIntelligentTiering"
+}
+```
+
+6. Kubernetes (using Kubernetes provider)
 - Make sure that all pods have a liveness probe defined
 ```json
diff --git a/setup.py b/setup.py
index 49b3e2a..46376cd 100644
--- a/setup.py
+++ b/setup.py
@@ -22,7 +22,7 @@ def read(*names, **kwargs):
 
 setup(
 name="py-tirith",
- version="1.0.0-beta.3",
+ version="1.0.0-beta.4",
 license="Apache",
 description="Tirith simplifies defining Policy as Code.",
 long_description_content_type="text/markdown",
diff --git a/src/tirith/__init__.py b/src/tirith/__init__.py
index 5bd081b..7c173ad 100644
--- a/src/tirith/__init__.py
+++ b/src/tirith/__init__.py
@@ -2,6 +2,6 @@
 tirith: Execute policies defined using Tirith (StackGuardian Policy Framework)
 """
 
-__version__ = "1.0.0-beta.3"
+__version__ = "1.0.0-beta.4"
 __author__ = "StackGuardian"
 __license__ = "Apache"
diff --git a/src/tirith/cli.py b/src/tirith/cli.py
index 0f6a68d..a5d8b16 100755
--- a/src/tirith/cli.py
+++ b/src/tirith/cli.py
@@ -84,7 +84,7 @@ def __init__(self, prog="PROG") -> None:
 action="store_true",
 help="Show detailed logs of from the run",
 )
- parser.add_argument("--version", action="version", version="1.0.0-beta.3")
+ parser.add_argument("--version", action="version", version="1.0.0-beta.4")
 args = parser.parse_args()