ci: update cra rules (#95)

ocofaigh · web-flow · commit 3d86e65ea81a · 2024-01-19T13:40:13.000-05:00
diff --git a/cra-tf-validate-ignore-rules.json b/cra-tf-validate-ignore-rules.json
@@ -1,11 +1,5 @@
 {
     "scc_rules": [
-        {
-            "scc_rule_id": "rule-9b2d8054-bc93-44fd-901b-91f677287e84",
-            "description": "Check whether Databases for etcd network access is restricted to a specific IP range",
-            "ignore_reason": "This module supports restricting network access using Context Based Restrictions (CBRs), however SCC does not yet support scanning for CBR rules, hence the goal currently fails. SCC CBR support is being tracked in AHA SCC-961",
-            "is_valid": true
-        },
         {
           "scc_rule_id": "rule-216e2449-27d7-4afc-929a-b66e196a9cf9",
           "description": "Check whether Flow Logs for VPC are enabled",
diff --git a/modules/fscloud/README.md b/modules/fscloud/README.md
@@ -4,11 +4,9 @@ This code is a version of the [parent root module](../../) that includes a defau
 
 :exclamation: **Exception:** The Databases for etcd DB service is not yet Financial services validated. Therefore, the infrastructure that is deployed by this module is also not validated with the Framework for Financial Services. For more information, see the list of [Financial Services Validated services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-vpc-architecture-about#financial-services-validated-services).
 
-The default values in this profile were scanned by [IBM Code Risk Analyzer (CRA)](https://cloud.ibm.com/docs/code-risk-analyzer-cli-plugin?topic=code-risk-analyzer-cli-plugin-cra-cli-plugin#terraform-command) for compliance with the IBM Cloud Framework for Financial Services profile that is specified by the IBM Security and Compliance Center. The scan passed for all applicable rules with one exception:
+The default values in this profile were scanned by [IBM Code Risk Analyzer (CRA)](https://cloud.ibm.com/docs/code-risk-analyzer-cli-plugin?topic=code-risk-analyzer-cli-plugin-cra-cli-plugin#terraform-command) for compliance with the IBM Cloud Framework for Financial Services profile that is specified by the IBM Security and Compliance Center.
 
-> rule-beb7b289-706b-4dc0-b01d-b1d15d4331e3: Check whether Databases for etcd network access is restricted to a specific IP range.
-
-The IBM Cloud Framework for Financial Services mandates the application of an inbound network-based allowlist in front of the IBM Cloud Databases for (ICD) etcd instance. You can comply with this requirement by using the `cbr_rules` variable in the module, which can be used to create a narrow context-based restriction rule that is scoped to the etcd instance. CRA does not currently support checking for context-based restrictions, so you can ignore the failing rule after you set the context-based restriction.
+The IBM Cloud Framework for Financial Services mandates the application of an inbound network-based allowlist in front of the IBM Cloud Databases for (ICD) etcd instance. You can comply with this requirement by using the `cbr_rules` variable in the module, which can be used to create a narrow context-based restriction rule that is scoped to the etcd instance.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ### Requirements

Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"scc_rules": [`
`3`		`- {`
`4`		`- "scc_rule_id": "rule-9b2d8054-bc93-44fd-901b-91f677287e84",`
`5`		`- "description": "Check whether Databases for etcd network access is restricted to a specific IP range",`
`6`		`- "ignore_reason": "This module supports restricting network access using Context Based Restrictions (CBRs), however SCC does not yet support scanning for CBR rules, hence the goal currently fails. SCC CBR support is being tracked in AHA SCC-961",`
`7`		`- "is_valid": true`
`8`		`- },`
`9`	`3`	`{`
`10`	`4`	`"scc_rule_id": "rule-216e2449-27d7-4afc-929a-b66e196a9cf9",`
`11`	`5`	`"description": "Check whether Flow Logs for VPC are enabled",`