Merge pull request #1 from aquasecurity/single-account-onboarding

feat: Implement AWS single account onboarding
aquasecurity · Aug 6, 2024 · a823785 · a823785
2 parents 52f41a6 + 0c8b9ee
commit a823785
Show file tree

Hide file tree

Showing 51 changed files with 3,489 additions and 1 deletion.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+@Noamstrauss
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,30 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**Steps to reproduce**
+
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Please complete the following information):**
+ - Terraform Version: [e.g. v1.0.0 ]
+ - Module Version [e.g. v0.15.0] 
+
+Run `terraform version` to find your Terraform version.
+You can find the module version by running `terraform providers` or in your terraform configuration. If developing locally you can check the `VERSION` file in the project root directory.
+
+**Additional context**
+Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: Feature
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml
@@ -0,0 +1,87 @@
+name: PR Checks
+
+on:
+  pull_request:
+
+jobs:
+  pr-checks:
+    name: Terraform Validation
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: ${{ vars.TERRAFORM_VERSION }}
+
+      - name: Setup TFLint
+        uses: terraform-linters/setup-tflint@v1
+        with:
+          tflint_version: ${{ vars.TFLINT_VERSION }}
+
+      - name: Run TFLint
+        id: tflint
+        run: tflint --config .tflint.hcl -f compact
+        continue-on-error: true
+
+      - name: Run tests for each example folder
+        id: terraform-checks
+        run: |
+          TEST_CASES=(
+            examples/single-account
+          )
+
+          format_check=true
+          init_check=true
+          validate_check=true
+
+          for tcase in ${TEST_CASES[@]}; do
+            echo "--> Running tests at $tcase"
+            (
+              cd $tcase || exit 1
+              echo "Replacing <REPLACE_ME> placeholders"
+              if [[ "$OSTYPE" == "darwin"* ]]; then
+                sed -i '' 's/<REPLACE_ME>/dummy_value/g' *.tf
+              else
+                sed -i 's/<REPLACE_ME>/dummy_value/g' *.tf
+              fi
+              echo "Terraform Format Check"
+              terraform fmt -check || format_check=false
+              echo "Terraform Init"
+              terraform init || init_check=false
+              echo "Terraform Validate"
+              terraform validate || validate_check=false
+            ) || exit 1
+          done
+
+          echo "format_check=$format_check" >> $GITHUB_OUTPUT
+          echo "init_check=$init_check" >> $GITHUB_OUTPUT
+          echo "validate_check=$validate_check" >> $GITHUB_OUTPUT
+
+      - name: Comment PR with Terraform status
+        uses: actions/github-script@v7
+        env:
+          FORMAT_CHECK: ${{ steps.terraform-checks.outputs.format_check == 'true' && '✅' || '❌' }}
+          INIT_CHECK: ${{ steps.terraform-checks.outputs.init_check == 'true' && '✅' || '❌' }}
+          VALIDATE_CHECK: ${{ steps.terraform-checks.outputs.validate_check == 'true' && '✅' || '❌' }}
+          TFLINT_CHECK: ${{ steps.tflint.outcome == 'success' && '✅' || '❌' }}
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const output = `#### Terraform Validation Results:
+
+            Terraform Format Check ${{ env.FORMAT_CHECK }}
+            Terraform Init ${{ env.INIT_CHECK }}
+            Terraform Validate ${{ env.VALIDATE_CHECK }}
+            TFLint Check ${{ env.TFLINT_CHECK }}
+
+            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`;
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
diff --git a/.github/workflows/terraform-docs.yaml b/.github/workflows/terraform-docs.yaml
@@ -0,0 +1,20 @@
+name: Generate terraform docs
+on:
+  - pull_request
+jobs:
+  docs:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - name: Render terraform docs and push changes back to PR
+        uses: terraform-docs/[email protected]
+        with:
+          working-dir: .
+          output-file: README.md
+          scan-ref: '.'
+          scan-type: 'repo'
+          output-method: inject
+          git-push: "true"
diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml
@@ -0,0 +1,26 @@
+name: Trivy
+on: pull_request
+jobs:
+  aqua:
+    name: Aqua scanner
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}
+
+      - name: Run Aqua scanner
+        uses: docker://aquasec/aqua-scanner
+        with:
+          args: trivy fs --scanners misconfig,secret .
+        env:
+          AQUA_KEY: ${{ secrets.AQUA_KEY }}
+          AQUA_SECRET: ${{ secrets.AQUA_SECRET }}
+          GITHUB_TOKEN: ${{ github.token }}
+          TRIVY_RUN_AS_PLUGIN: 'aqua'
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,45 @@
+# Local .terraform directories
+**/.terraform*
+
+# generated via "make ci"
+examples/**/.terraform.lock.hcl
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Credentials Files
+**/credentials.json
+**/*.json
+
+# Local testing variables
+
+# vim
+*.swp
+
+/.idea/
+.DS_Store
diff --git a/.tflint.hcl b/.tflint.hcl
@@ -0,0 +1,9 @@
+rule "terraform_required_providers" {
+  enabled = false
+  source = false
+  version = false
+}
+
+rule "terraform_required_version" {
+  enabled = false
+}