自动地形审查
tf-cop的Python项目详细描述
TerraForm自动审阅器
地形脚本检查器。
此软件包可帮助您查看tf脚本。
(例如:确认向所有S3存储桶添加日志记录规则)
1安装
$ pip install tf_cop
2用法
2.1 cli使用
在您的控制台
$ tfcop TERRAFORM_ROOT_PATH REVIEW_BOOK_ROOT_PATH(optional)
样本输出
☁ tf_cop [master] ⚡ tfcop test[INFO] tf_root_path : test[INFO] rbook_root_path : ========================================================== RESOURCE AWS_S3_BUCKET.TEST_TF_REVIEW_BUCKET ==========================================================[WARN] desc_checker : description not use [ALERT] tag_checker : tags not use========================================================== RESOURCE AWS_S3_BUCKET.TEST_TF_REVIEW_BUCKET2 ==========================================================[WARN] desc_checker : description not use [PASS] tag_checker : passed [PASS] name_checker : passed [PASS] env_checker : passed========================================================== DATA AWS_S3_BUCKET.TEST_DATA_TF_REVIEW_BUCKET ==========================================================[PASS] bucket_checker : passed=======================| RESOURCE NUM : 3|| warn NUM : 2|| alert NUM : 1|| pass NUM : 4|=======================
2.2模块使用
2.2.1进行回顾
通过terraform root path&;review_book root path
importtf_copif__name__=='__main__':test=tf_cop.TfCop()test.tf_review("./test","./review_book_default")
2.2.2获取输出
output=test.output(color_flg=True)print(output)
3查看书本yaml规则
3.1文件名规则
review_book_yaml=resource_name.split("_")[1]+'.yaml'
(例如aws_s3_bucket=>;s3.yaml)
文件夹结构
${REVIEW_BOOK_ROOT_PATH}
├── data
│ ├──s3.yaml
│ └──...
└── resource
├── acm.yaml
├── api.yaml
└── ...
3.2关键规则
| key | description | required |
|---|---|---|
| title | test title | required |
| desc | description for test | option |
| mode | test mode (existance|value|nested) | required |
| key | test target key (ex. tags) | required |
| value | correct value regex | option |
| nest | for nested test | option |
| type | test type (ex. alert, warn) | required |
3.2.1生存试验< /H4>
检查目标键是否存在。< BR/> (例如描述)
3.2.2值测试
检查目标值是否正确。
(例如name=“(prd stg dev)-s3-.*-地形”)
3.2.3嵌套测试
测试嵌套键值
tags {
Name = "${terraform.env}-tf-review-bucket"
Env = "dev"
}
3.3样品
aws_s3_bucket:-title:description_checkerdescription:simple existance checkermode:existancewarn:Truekey:description-title:private_checkerdescription:simple value checkermode:valuekey:aclvalue:private-title:bucket_checkerdescription:simple value regex checkermode:valuekey:bucketvalue:.*-tf-review-bucket.*-title:tag_checkerdescription:nested value checkermode:nestedkey:tagsnest:-title:name_checkerdescription:nested value checkermode:valuekey:Namevalue:.*-tf-review-bucket.*-title:env_checkerdescription:nested value checkermode:valuewarn:Truekey:Envvalue:(dev|stg|prd)-title:if_checkermode:ifkey:loggingnest:title:name_checkermode:existancekey:lifecycle_rule
4测试
python test.py
5示例用法
使用docker测试terraform文件。
├── Dockerfile
├── main.py
└── requirements.txt
FROM python:3.6RUN apt-get update ENV LANG ja_JP.UTF-8 ENV LANGUAGE ja_JP:ja ENV LC_ALL ja_JP.UTF-8 ENV TZ JST-9 RUN pip install --upgrade pip RUN pip install --upgrade setuptools WORKDIR /tmpCOPY requirements.txt ./ RUN pip install -r requirements.txt COPY . . CMD["python","main.py"]
importtf_copif__name__=='__main__':test=tf_cop.TfCop()test.tf_review("./terraform","./review_book")output=test.output(color_flg=True)print(output)
设置TF_ROOT_PATH&;REVIEW_BOOK_PATH
docker build -t tf_cop . docker run \ -v `pwd`/${TF_ROOT_PATH}:/tmp/terraform \ -v `pwd`/${REVIEW_BOOK_PATH}:/tmp/review_book \ tf_cop
6作者
ys tydy
欢迎加入QQ群-->: 979659372
