skip: update CI 46

epam · Jun 27, 2024 · 39344e9 · 39344e9
1 parent 060f107
commit 39344e9
Show file tree

Hide file tree

Showing 15 changed files with 181 additions and 6 deletions.
diff --git a/.github/workflows/auto-test.yml b/.github/workflows/auto-test.yml
@@ -12,8 +12,8 @@ on:
       resource_priority_list:
         type: string
         description: Priority list for resources (you can remove unnecessary resources during testing)
-        default: '["webapp"]'
-        #'["storage", "webapp"]'
+        default: '["vnet"]'
+        #'["storage", "webapp", "vnet"]'
         required: true
 
 # limits to only one workflow in time 
@@ -26,8 +26,8 @@ env:
   AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
   AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
   AZURE_SECRET_VALUE: ${{ secrets.AZURE_SECRET_VALUE }}
-  default_resource_priority_list: '["webapp"]'
-  #default_resource_priority_list: '["storage", "webapp"]'
+  default_resource_priority_list: '["vnet"]'
+  #default_resource_priority_list: '["storage", "webapp", "vnet"]'
   TF_VAR_project: ${{ secrets.TF_VAR_project }}
   TF_VAR_region: ${{ secrets.AWS_REGION }}
   TF_VAR_zone: ${{ secrets.TF_VAR_zone }}

diff --git a/auto_policy_testing/green/vnet/main.tf b/auto_policy_testing/green/vnet/main.tf
@@ -0,0 +1,10 @@
+data "terraform_remote_state" "common" {
+  backend = "s3"
+
+  config = {
+    bucket = var.remote_state_bucket
+    key = var.remote_state_key
+    region = var.remote_state_region
+  }
+}
+
diff --git a/auto_policy_testing/green/vnet/outputs.tf b/auto_policy_testing/green/vnet/outputs.tf
@@ -0,0 +1,5 @@
+output "vnet" {
+  value = {
+    vnet = azurerm_virtual_network.this.id
+  }
+}
diff --git a/auto_policy_testing/green/vnet/provider.tf b/auto_policy_testing/green/vnet/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
diff --git a/auto_policy_testing/green/vnet/terraform.tfvars b/auto_policy_testing/green/vnet/terraform.tfvars
@@ -0,0 +1,5 @@
+location = "northeurope"
+
+tags = {
+  ComplianceStatus = "Green"
+}
diff --git a/auto_policy_testing/green/vnet/variables.tf b/auto_policy_testing/green/vnet/variables.tf
@@ -0,0 +1,21 @@
+variable "location" {
+  type = string
+}
+
+variable "tags" {
+  type = map(string)
+}
+
+variable "remote_state_region" {
+  type        = string
+  description = "Region where resources will be created"
+  default     = "us-east-1"
+}
+
+variable "remote_state_bucket" {
+  type        = string
+}
+
+variable "remote_state_key" {
+  type        = string
+}
diff --git a/auto_policy_testing/green/vnet/virtual_network.tf b/auto_policy_testing/green/vnet/virtual_network.tf
@@ -0,0 +1,47 @@
+resource "azurerm_resource_group" "this" {
+  name     = "vnet-rg-green"
+  location = var.location
+  tags     = var.tags
+}
+
+resource "azurerm_virtual_network" "this" {
+  name                = "vnetgreen"
+  address_space       = ["10.0.0.0/24"]
+  location            = azurerm_resource_group.this.location
+  resource_group_name = azurerm_resource_group.this.name
+  tags                = var.tags
+}
+
+resource "azurerm_subnet" "this" {
+  name                 = "snetgreen"
+  resource_group_name  = azurerm_resource_group.this.name
+  virtual_network_name = azurerm_virtual_network.this.name
+  address_prefixes     = ["10.0.0.0/27"]
+
+}
+
+resource "azurerm_network_security_group" "this" {
+  name                = "nsggreen"
+  location            = azurerm_resource_group.this.location
+  resource_group_name = azurerm_resource_group.this.name
+
+  security_rule {
+    name                       = "vnetrulegreen"
+    priority                   = 100
+    direction                  = "Inbound"
+    access                     = "Deny"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "*"
+    source_address_prefix      = "*"
+    destination_address_prefix = "*"
+  }
+
+  tags = var.tags
+
+}
+
+resource "azurerm_subnet_network_security_group_association" "this" {
+  subnet_id                 = azurerm_subnet.this.id
+  network_security_group_id = azurerm_network_security_group.this.id
+}
diff --git a/auto_policy_testing/red/vnet/main.tf b/auto_policy_testing/red/vnet/main.tf
@@ -0,0 +1,10 @@
+data "terraform_remote_state" "common" {
+  backend = "s3"
+
+  config = {
+    bucket = var.remote_state_bucket
+    key = var.remote_state_key
+    region = var.remote_state_region
+  }
+}
+
diff --git a/auto_policy_testing/red/vnet/outputs.tf b/auto_policy_testing/red/vnet/outputs.tf
@@ -0,0 +1,5 @@
+output "vnet" {
+  value = {
+    vnet = azurerm_virtual_network.this.id
+  }
+}
diff --git a/auto_policy_testing/red/vnet/provider.tf b/auto_policy_testing/red/vnet/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
diff --git a/auto_policy_testing/red/vnet/terraform.tfvars b/auto_policy_testing/red/vnet/terraform.tfvars
@@ -0,0 +1,5 @@
+location = "northeurope"
+
+tags = {
+  ComplianceStatus = "red"
+}
diff --git a/auto_policy_testing/red/vnet/variables.tf b/auto_policy_testing/red/vnet/variables.tf
@@ -0,0 +1,21 @@
+variable "location" {
+  type = string
+}
+
+variable "tags" {
+  type = map(string)
+}
+
+variable "remote_state_region" {
+  type        = string
+  description = "Region where resources will be created"
+  default     = "us-east-1"
+}
+
+variable "remote_state_bucket" {
+  type        = string
+}
+
+variable "remote_state_key" {
+  type        = string
+}
diff --git a/auto_policy_testing/red/vnet/virtual_network.tf b/auto_policy_testing/red/vnet/virtual_network.tf
@@ -0,0 +1,21 @@
+resource "azurerm_resource_group" "this" {
+  name     = "vnet-rg-red"
+  location = var.location
+  tags     = var.tags
+}
+
+resource "azurerm_virtual_network" "this" {
+  name                = "vnetred"
+  address_space       = ["10.0.0.0/24"]
+  location            = azurerm_resource_group.this.location
+  resource_group_name = azurerm_resource_group.this.name
+  tags                = var.tags
+}
+
+resource "azurerm_subnet" "this" {
+  name                 = "snetred"
+  resource_group_name  = azurerm_resource_group.this.name
+  virtual_network_name = azurerm_virtual_network.this.name
+  address_prefixes     = ["10.0.0.0/27"]
+
+}
diff --git a/auto_policy_testing/scripts/azure_map_report_fields.json b/auto_policy_testing/scripts/azure_map_report_fields.json
@@ -1,5 +1,5 @@
 {
     "storage": ["id"],
     "webapp" : ["id"],
-    "funcapp": ["id"]
+    "vnet": ["id"]
 }
diff --git a/auto_policy_testing/scripts/exception_rules.py b/auto_policy_testing/scripts/exception_rules.py
@@ -14,7 +14,8 @@
             "ecc-azure-179-asb_app_service_managed_identity", #api app deprecated
             "ecc-azure-236-asb_cors_api", #api app deprecated
             "ecc-azure-239-asb_certif_api", #api app deprecated
-            "ecc-azure-256-asb_remotedebug_api" #api app deprecated
+            "ecc-azure-256-asb_remotedebug_api", #api app deprecated
+            "ecc-azure-258-asb_remotedebug_web" #terraform or azure policy issue
             ],
     "not-parallel": [],
     "sleep_before_scan": []