From 4596fc2f6d044614d7116c9cdfe7ce8a4fdd9ca0 Mon Sep 17 00:00:00 2001
From: Onkar Banerjee <46961494+onkarbanerjee@users.noreply.github.com>
Date: Fri, 16 Jun 2023 19:20:23 +0530
Subject: [PATCH 1/3] chore: Add exclussion for false positive for new Checkov rule(DEC-3667) (#29)

---
 .pre-commit-config.yaml | 4 ++--
 modules/google_sql_database_instance/main.tf | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 237c7d4..f274372 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -13,7 +13,7 @@ repos:
 - id: check-yaml
 - id: check-added-large-files
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.77.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+ rev: v1.81.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
 hooks:
 - id: terraform_fmt
 - id: terraform_docs
@@ -24,7 +24,7 @@ repos:
 - id: terraform_checkov
 exclude: (test/|examples/)
 - repo: https://github.com/gitguardian/ggshield
- rev: v1.14.5 # Update to latest version by running `pre-commit autoupdate`
+ rev: v1.16.0 # Update to latest version by running `pre-commit autoupdate`
 hooks:
 - id: ggshield
 language: python
diff --git a/modules/google_sql_database_instance/main.tf b/modules/google_sql_database_instance/main.tf
index 394bd70..dd4c2dc 100644
--- a/modules/google_sql_database_instance/main.tf
+++ b/modules/google_sql_database_instance/main.tf
@@ -59,6 +59,7 @@ resource "google_sql_database_instance" "instance" {
 #checkov:skip=CKV_GCP_111:Ensure GCP PostgreSQL logs SQL statements 'pgaudit.log' flag is set to 'all'
 #checkov:skip=CKV2_GCP_20:Ensure MySQL DB instance has point-in-time recovery backup configured
 #checkov:skip=CKV2_GCP_13:Ensure PostgreSQL database flag 'log_duration' is set to 'on'
+ #checkov:skip=CKV_GCP_79: "Ensure SQL database is using latest Major version"
 database_version = var.database_version
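Review bot: The new `#checkov:skip=CKV_GCP_79` line in the `instance` hunk records the check's title as its suppression comment instead of the reason the finding is a false positive, so the skip cannot be audited later; the same line is added in the `read_replica` hunk of this patch and re-added by both hunks of PATCH 3/3 after PATCH 2/3 removed it. The `database_version = var.database_version` line directly below suggests the major version is chosen by the module's caller, which is presumably what the check cannot evaluate statically, and the comment should say so rather than restate the rule. For consistency with the three skips above it, which use the `#checkov:skip=<ID>:<reason>` form with no space or quotes after the id, I would write `#checkov:skip=CKV_GCP_79:Major version is supplied by the caller via var.database_version and cannot be evaluated in the module; review it against supported Cloud SQL versions when bumping`. The enclosing resource block starts and ends outside the hunk.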
@@ -143,6 +144,7 @@ resource "google_sql_database_instance" "read_replica" {
 #checkov:skip=CKV_GCP_111:Ensure GCP PostgreSQL logs SQL statements 'pgaudit.log' flag is set to 'all'
 #checkov:skip=CKV2_GCP_20:Ensure MySQL DB instance has point-in-time recovery backup configured
 #checkov:skip=CKV2_GCP_13:Ensure PostgreSQL database flag 'log_duration' is set to 'on'
+ #checkov:skip=CKV_GCP_79: "Ensure SQL database is using latest Major version"
 depends_on = [
 google_sql_database_instance.instance

From 93ae97b5fc8dc8fc2bbfa2b0f2292746db7b208b Mon Sep 17 00:00:00 2001
From: Onkar Banerjee <46961494+onkarbanerjee@users.noreply.github.com>
Date: Mon, 19 Jun 2023 17:02:48 +0530
Subject: [PATCH 2/3] chore: Remove exclusion of Checkov check for database version rule(DEC-3667) (#31)

---
 modules/google_sql_database_instance/main.tf | 2 --
 1 file changed, 2 deletions(-)

diff --git a/modules/google_sql_database_instance/main.tf b/modules/google_sql_database_instance/main.tf
index dd4c2dc..394bd70 100644
--- a/modules/google_sql_database_instance/main.tf
+++ b/modules/google_sql_database_instance/main.tf
@@ -59,7 +59,6 @@ resource "google_sql_database_instance" "instance" {
 #checkov:skip=CKV_GCP_111:Ensure GCP PostgreSQL logs SQL statements 'pgaudit.log' flag is set to 'all'
 #checkov:skip=CKV2_GCP_20:Ensure MySQL DB instance has point-in-time recovery backup configured
 #checkov:skip=CKV2_GCP_13:Ensure PostgreSQL database flag 'log_duration' is set to 'on'
- #checkov:skip=CKV_GCP_79: "Ensure SQL database is using latest Major version"
 database_version = var.database_version
@@ -144,7 +143,6 @@ resource "google_sql_database_instance" "read_replica" {
 #checkov:skip=CKV_GCP_111:Ensure GCP PostgreSQL logs SQL statements 'pgaudit.log' flag is set to 'all'
 #checkov:skip=CKV2_GCP_20:Ensure MySQL DB instance has point-in-time recovery backup configured
 #checkov:skip=CKV2_GCP_13:Ensure PostgreSQL database flag 'log_duration' is set to 'on'
- #checkov:skip=CKV_GCP_79: "Ensure SQL database is using latest Major version"
 depends_on = [
 google_sql_database_instance.instance

From 7a2fc8d54c92d9b98f0aed76239fcc9d98988ad7 Mon Sep 17 00:00:00 2001
From: Phi H Nguyen
Date: Wed, 21 Jun 2023 14:36:02 +0800
Subject: [PATCH 3/3] fix: Add Checkov skip for SQL version rule (#32)

---
 modules/google_sql_database_instance/main.tf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/google_sql_database_instance/main.tf b/modules/google_sql_database_instance/main.tf
index 394bd70..dd4c2dc 100644
--- a/modules/google_sql_database_instance/main.tf
+++ b/modules/google_sql_database_instance/main.tf
@@ -59,6 +59,7 @@ resource "google_sql_database_instance" "instance" {
 #checkov:skip=CKV_GCP_111:Ensure GCP PostgreSQL logs SQL statements 'pgaudit.log' flag is set to 'all'
 #checkov:skip=CKV2_GCP_20:Ensure MySQL DB instance has point-in-time recovery backup configured
 #checkov:skip=CKV2_GCP_13:Ensure PostgreSQL database flag 'log_duration' is set to 'on'
+ #checkov:skip=CKV_GCP_79: "Ensure SQL database is using latest Major version"
 database_version = var.database_version
@@ -143,6 +144,7 @@ resource "google_sql_database_instance" "read_replica" {
 #checkov:skip=CKV_GCP_111:Ensure GCP PostgreSQL logs SQL statements 'pgaudit.log' flag is set to 'all'
 #checkov:skip=CKV2_GCP_20:Ensure MySQL DB instance has point-in-time recovery backup configured
 #checkov:skip=CKV2_GCP_13:Ensure PostgreSQL database flag 'log_duration' is set to 'on'
+ #checkov:skip=CKV_GCP_79: "Ensure SQL database is using latest Major version"
 depends_on = [
 google_sql_database_instance.instance