This repository was archived by the owner on May 28, 2025. It is now read-only.

@jor2 jor2 commented Mar 21, 2024

Description

Add a rules submodule in modules/rules that should support creating multiple custom rules.

#48

Release required?

  • No release
  • Patch release (x.x.X)
  • Minor release (x.X.x)
  • Major release (X.x.x)
Release notes content

Add a rules submodule in modules/rules that should support creating multiple custom rules.

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

  • If relevant, a test for the change is included or updated with this PR.
  • If relevant, documentation for the change is included or updated with this PR.

For mergers

  • Use a conventional commit message to set the release level. Follow the guidelines.
  • Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
  • Use the Squash and merge option.

@jor2 jor2 self-assigned this Mar 21, 2024
jor2 commented Mar 25, 2024

A little confused on how we should use import.

This is how it is used on UI.

	"import": {
		"parameters": [
			{
				"name": "check_enforced",
				"display_name": "check for cbr enforcement",
				"description": "",
				"type": "string_list"
			}
		]
	},

and then it needs to be used as a param in required config rules as such:

	"required_config": {
		"or": [
			{
				"and": [
					{
						"property": "cbr_check_enforced",
						"operator": "string_equals",
						"value": "${check_enforced}"
					},
        ......

But Terraform doesn't allow for the syntax "${check_enforced}" and escaping the $ didn't work.
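
An added example, not part of the original comment or the module's code: a Python check that every `${name}` placeholder used in `required_config` is declared under `import.parameters`, following the two JSON fragments quoted above. The sample rule is constructed, and its `location` / `${region}` condition is a hypothetical addition that shows an undeclared reference.

```python
import re

PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")

# Constructed sample rule, shaped like the two fragments quoted in the comment.
SAMPLE_RULE = {
    "import": {
        "parameters": [
            {"name": "check_enforced", "display_name": "check for cbr enforcement",
             "description": "", "type": "string_list"},
        ]
    },
    "required_config": {
        "or": [
            {"and": [
                {"property": "cbr_check_enforced", "operator": "string_equals",
                 "value": "${check_enforced}"},
                # Hypothetical condition: references a parameter that is not declared.
                {"property": "location", "operator": "string_equals",
                 "value": "${region}"},
            ]}
        ]
    },
}


def referenced_parameters(node):
    """Yield (property, parameter) for each ${...} in a condition value, walking and/or nesting."""
    if isinstance(node, list):
        for item in node:
            yield from referenced_parameters(item)
    elif isinstance(node, dict):
        for key in ("and", "or"):
            yield from referenced_parameters(node.get(key, []))
        values = node.get("value", [])
        for v in values if isinstance(values, list) else [values]:
            if isinstance(v, str):
                for name in PLACEHOLDER.findall(v):
                    yield node.get("property", ""), name


def check_rule(rule):
    """Return (undeclared, unused): references with no import parameter, and parameters never referenced."""
    declared = {p["name"] for p in rule.get("import", {}).get("parameters", [])}
    refs = list(referenced_parameters(rule.get("required_config", {})))
    undeclared = sorted({(prop, name) for prop, name in refs if name not in declared})
    unused = sorted(declared - {name for _, name in refs})
    return undeclared, unused
```
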

@jor2 jor2 requested a review from ocofaigh March 25, 2024 10:35
@ocofaigh ocofaigh left a comment

see comments

jor2 commented Mar 27, 2024

/run pipeline

jor2 commented Mar 28, 2024

/run pipeline

@jor2 jor2 requested review from ocofaigh and toddgiguere March 28, 2024 14:10
@ocofaigh ocofaigh left a comment

left some comments - also need to resolve conflict (don't bump common-dev-assets version in the PR unless you explicitly need a new version, otherwise you end up with conflict after renovate runs)

@@ -0,0 +1,4 @@
output "rule_ids" {
description = "The ids for the rules created by this module."
value = [for rule in resource.ibm_scc_rule.scc_rule_instance : rule.rule_id]
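
Review bot: the `value` expression collects `rule.rule_id` into a plain list, which drops the link between each ID and the rule it belongs to, so callers can only match them by position. Consider returning a map keyed by the resource's own key instead, for example `value = { for k, rule in ibm_scc_rule.scc_rule_instance : k => rule.rule_id }`, and extend the `description` to say what the keys are. The leading `resource.` prefix in the reference is also unnecessary.
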
what does this output look like? If it's just a list of rule IDs, that's not much use. Ideally needs to have a mapping to the rule name so users can look up the rule ID using the rule name

@jor2 jor2 requested a review from ocofaigh April 2, 2024 23:00
jor2 commented Apr 2, 2024

/run pipeline

@ocofaigh

No plans to implement

@ocofaigh ocofaigh closed this Nov 15, 2024
@ocofaigh ocofaigh deleted the rules branch November 15, 2024 14:24