From 634250b3d03038761699234bc90a1e56f7f868e2 Mon Sep 17 00:00:00 2001 From: Sonam Tenzin Date: Tue, 11 Feb 2025 11:58:08 +0530 Subject: [PATCH 1/6] Handled sentinel policy scenario --- addlicense/main.go | 24 ++++++++++++++++++++++++ addlicense/main_test.go | 11 +++++++++++ 2 files changed, 35 insertions(+) diff --git a/addlicense/main.go b/addlicense/main.go index c0e8963..35705aa 100644 --- a/addlicense/main.go +++ b/addlicense/main.go @@ -414,8 +414,31 @@ var head = []string{ "/** @jest-environment", // Jest Environment string https://jestjs.io/docs/configuration#testenvironment-string } +var headPatterns = []string{ + `# This policy requires.*\s*(#.*\s*)*`, +} + +// matches regex patterns to extract headings to skip +func matchPattern(b []byte) []byte { + + for _, v := range headPatterns { + re := regexp.MustCompile(v) + match := re.Find(b) + if len(match) > 0 { + return match + } + } + return []byte{} +} + func hashBang(b []byte) []byte { var line []byte + + line = matchPattern(b) + if len(line) > 0 { + return line + } + for _, c := range b { line = append(line, c) if c == '\n' { @@ -428,6 +451,7 @@ func hashBang(b []byte) []byte { return line } } + return nil } diff --git a/addlicense/main_test.go b/addlicense/main_test.go index bc5f098..4127f83 100644 --- a/addlicense/main_test.go +++ b/addlicense/main_test.go 
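Review bot: `matchPattern` calls `regexp.MustCompile(v)` inside its loop, so every file that goes through `hashBang` recompiles each pattern; PATCH 2/6 keeps this. Compile once at package scope, e.g. `var headPatterns = []*regexp.Regexp{regexp.MustCompile(pattern)}`, and range over the compiled values. The pattern in this patch is also unanchored and `re.Find` returns the first match anywhere in `b`, while the caller shown in PATCH 2/6 strips `len(line)` bytes from the start of the buffer; PATCH 2/6 adds `^`, so only the compile cost is still open. Returning `nil` instead of `[]byte{}` would agree with the `return nil` at the end of `hashBang`, and the doc comment would read better in Go form: `// matchPattern returns the leading header comment matched by headPatterns, or nil.`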
@@ -245,6 +245,17 @@ func TestAddLicense(t *testing.T) { {"# escape: `\ncontent", "# escape: `\n// HYS\n\ncontent", true}, {"# syntax: docker/dockerfile:1.3\ncontent", "# syntax: docker/dockerfile:1.3\n// HYS\n\ncontent", true}, {"/** @jest-environment jsdom */\ncontent", "/** @jest-environment jsdom */\n// HYS\n\ncontent", true}, + { + "# This policy requires immediate action.\n# This is a follow-up comment.\n# Another line of policy.\nSome text that should not match.", + "# This policy requires immediate action.\n# This is a follow-up comment.\n# Another line of policy.\n// HYS\n\nSome text that should not match.", + true, + }, + { + `# This policy requires that the max_password_age attribute of the aws_iam_account_password_policy + # resource is according to CIS standards.`, + "# This policy requires that the max_password_age attribute of the aws_iam_account_password_policy\n\t\t\t# resource is according to CIS standards.\n// HYS\n\n", + true, + }, // ensure files with existing license or generated files are // skipped. No need to test all permutations of these, since From e98b8616e500c73a36bf01889a8e1202b060af52 Mon Sep 17 00:00:00 2001 
From: Sonam Tenzin Date: Thu, 13 Feb 2025 11:25:16 +0530 Subject: [PATCH 2/6] resolved comments --- addlicense/main.go | 27 +++++++++++++++------ addlicense/main_test.go | 11 --------- addlicense/testdata/expected/file1.sentinel | 27 +++++++++++++++++++++ addlicense/testdata/expected/file2.sentinel | 25 +++++++++++++++++++ addlicense/testdata/expected/file3.sentinel | 26 ++++++++++++++++++++ addlicense/testdata/initial/file1.sentinel | 13 ++++++++++ addlicense/testdata/initial/file2.sentinel | 11 +++++++++ addlicense/testdata/initial/file3.sentinel | 11 +++++++++ 8 files changed, 133 insertions(+), 18 deletions(-) create mode 100644 addlicense/testdata/expected/file1.sentinel create mode 100644 addlicense/testdata/expected/file2.sentinel create mode 100644 addlicense/testdata/expected/file3.sentinel create mode 100644 addlicense/testdata/initial/file1.sentinel create mode 100644 addlicense/testdata/initial/file2.sentinel create mode 100644 addlicense/testdata/initial/file3.sentinel diff --git a/addlicense/main.go b/addlicense/main.go index 35705aa..f1fa056 100644 --- a/addlicense/main.go +++ b/addlicense/main.go @@ -328,7 +328,7 @@ func addLicense(path string, fmode os.FileMode, tmpl *template.Template, data Li return false, err } - line := hashBang(b) + line := hashBang(b, path) if len(line) > 0 { b = b[len(line):] if line[len(line)-1] != '\n' { 
@@ -365,7 +365,7 @@ func licenseHeader(path string, tmpl *template.Template, data LicenseData) ([]by lic, err = executeTemplate(tmpl, data, "/**", " * ", " */") case ".cc", ".cpp", ".cs", ".go", ".hh", ".hpp", ".m", ".mm", ".proto", ".rs", ".swift", ".dart", ".groovy", ".v", ".sv", ".lr": lic, err = executeTemplate(tmpl, data, "", "// ", "") - case ".py", ".sh", ".bash", ".zsh", ".yaml", ".yml", ".dockerfile", "dockerfile", ".rb", "gemfile", ".ru", ".tcl", ".hcl", ".tf", ".tfvars", ".nomad", ".bzl", ".pl", ".pp", ".ps1", ".psd1", ".psm1", ".txtar": + case ".py", ".sh", ".bash", ".zsh", ".yaml", ".yml", ".dockerfile", "dockerfile", ".rb", "gemfile", ".ru", ".tcl", ".hcl", ".tf", ".tfvars", ".nomad", ".bzl", ".pl", ".pp", ".ps1", ".psd1", ".psm1", ".txtar", ".sentinel": lic, err = executeTemplate(tmpl, data, "", "# ", "") case ".el", ".lisp": lic, err = executeTemplate(tmpl, data, "", ";; ", "") @@ -414,12 +414,25 @@ var head = []string{ "/** @jest-environment", // Jest Environment string https://jestjs.io/docs/configuration#testenvironment-string } -var headPatterns = []string{ - `# This policy requires.*\s*(#.*\s*)*`, +// We need to skip the top file comments in sentinel files because they are are currently used to +// show policy text in UI in TFC. The patterns are created based on the comment format given +// in https://developer.hashicorp.com/sentinel/docs/language/spec#comments +var sentinelHeadPatterns = []string{ + `^#.*\n?(#.*\n?)*`, + `^//.*\n?(//.*\n?)*`, + `^/\*.*\n?(.*\n?)*\*/`, } // matches regex patterns to extract headings to skip -func matchPattern(b []byte) []byte { +func matchPattern(b []byte, path string) []byte { + base := strings.ToLower(filepath.Base(path)) + var headPatterns []string + switch fileExtension(base) { + case ".sentinel": + headPatterns = sentinelHeadPatterns + default: + headPatterns = []string{} + } for _, v := range headPatterns { re := regexp.MustCompile(v) 
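Review bot: The block-comment pattern `^/\*.*\n?(.*\n?)*\*/` in `sentinelHeadPatterns` is greedy across lines, so it runs to the last `*/` in the file rather than to the end of the first comment. A policy that opens with a block comment and has another one further down would have all the code in between treated as header, and `addLicense` would insert the license after it, in the middle of the policy. A lazy form in single-line mode such as `(?s)^/\*.*?\*/` stops at the first terminator. The `#` and `//` patterns accept any leading comment run, not only policy text; if that is intended, the comment above the slice should say so. `matchPattern` continues past the end of this hunk.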
@@ -431,10 +444,10 @@ func matchPattern(b []byte) []byte { return []byte{} } -func hashBang(b []byte) []byte { +func hashBang(b []byte, path string) []byte { var line []byte - line = matchPattern(b) + line = matchPattern(b, path) if len(line) > 0 { return line } diff --git a/addlicense/main_test.go b/addlicense/main_test.go index 4127f83..bc5f098 100644 --- a/addlicense/main_test.go +++ b/addlicense/main_test.go @@ -245,17 +245,6 @@ func TestAddLicense(t *testing.T) { {"# escape: `\ncontent", "# escape: `\n// HYS\n\ncontent", true}, {"# syntax: docker/dockerfile:1.3\ncontent", "# syntax: docker/dockerfile:1.3\n// HYS\n\ncontent", true}, {"/** @jest-environment jsdom */\ncontent", "/** @jest-environment jsdom */\n// HYS\n\ncontent", true}, - { - "# This policy requires immediate action.\n# This is a follow-up comment.\n# Another line of policy.\nSome text that should not match.", - "# This policy requires immediate action.\n# This is a follow-up comment.\n# Another line of policy.\n// HYS\n\nSome text that should not match.", - true, - }, - { - `# This policy requires that the max_password_age attribute of the aws_iam_account_password_policy - # resource is according to CIS standards.`, - "# This policy requires that the max_password_age attribute of the aws_iam_account_password_policy\n\t\t\t# resource is according to CIS standards.\n// HYS\n\n", - true, - }, // ensure files with existing license or generated files are // skipped. No need to test all permutations of these, since diff --git a/addlicense/testdata/expected/file1.sentinel b/addlicense/testdata/expected/file1.sentinel new file mode 100644 index 0000000..579d6bb --- /dev/null +++ b/addlicense/testdata/expected/file1.sentinel 
@@ -0,0 +1,27 @@ +# This policy requires that the `require_lowercase_characters` attribute of the `aws_iam_account_password_policy` +# resource is according to CIS standards. +# +# another text +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# Imports + +import "tfconfig/v2" as tfconfig +import "tfplan/v2" as tfplan +import "tfresources" as tf +import "report" as report +import "collection" as collection +import "collection/maps" as maps diff --git a/addlicense/testdata/expected/file2.sentinel b/addlicense/testdata/expected/file2.sentinel new file mode 100644 index 0000000..ce6bb9d --- /dev/null +++ b/addlicense/testdata/expected/file2.sentinel 
@@ -0,0 +1,25 @@ +// This policy requires that the `require_lowercase_characters` attribute of the `aws_iam_account_password_policy` +// resource is according to CIS standards. +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# Imports + +import "tfconfig/v2" as tfconfig +import "tfplan/v2" as tfplan +import "tfresources" as tf +import "report" as report +import "collection" as collection +import "collection/maps" as maps diff --git a/addlicense/testdata/expected/file3.sentinel b/addlicense/testdata/expected/file3.sentinel new file mode 100644 index 0000000..17fdbca --- /dev/null +++ b/addlicense/testdata/expected/file3.sentinel 
@@ -0,0 +1,26 @@ +/* This policy requires that the `require_lowercase_characters` attribute of the `aws_iam_account_password_policy` +resource is according to CIS standards. */ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + + +# Imports + +import "tfconfig/v2" as tfconfig +import "tfplan/v2" as tfplan +import "tfresources" as tf +import "report" as report +import "collection" as collection +import "collection/maps" as maps diff --git a/addlicense/testdata/initial/file1.sentinel b/addlicense/testdata/initial/file1.sentinel new file mode 100644 index 0000000..d04b45f --- /dev/null +++ b/addlicense/testdata/initial/file1.sentinel @@ -0,0 +1,13 @@ +# This policy requires that the `require_lowercase_characters` attribute of the `aws_iam_account_password_policy` +# resource is according to CIS standards. +# +# another text + +# Imports + +import "tfconfig/v2" as tfconfig +import "tfplan/v2" as tfplan +import "tfresources" as tf +import "report" as report +import "collection" as collection +import "collection/maps" as maps diff --git a/addlicense/testdata/initial/file2.sentinel b/addlicense/testdata/initial/file2.sentinel new file mode 100644 index 0000000..b738d9b --- /dev/null +++ b/addlicense/testdata/initial/file2.sentinel 
@@ -0,0 +1,11 @@ +// This policy requires that the `require_lowercase_characters` attribute of the `aws_iam_account_password_policy` +// resource is according to CIS standards. + +# Imports + +import "tfconfig/v2" as tfconfig +import "tfplan/v2" as tfplan +import "tfresources" as tf +import "report" as report +import "collection" as collection +import "collection/maps" as maps diff --git a/addlicense/testdata/initial/file3.sentinel b/addlicense/testdata/initial/file3.sentinel new file mode 100644 index 0000000..72e19b3 --- /dev/null +++ b/addlicense/testdata/initial/file3.sentinel @@ -0,0 +1,11 @@ +/* This policy requires that the `require_lowercase_characters` attribute of the `aws_iam_account_password_policy` +resource is according to CIS standards. */ + +# Imports + +import "tfconfig/v2" as tfconfig +import "tfplan/v2" as tfplan +import "tfresources" as tf +import "report" as report +import "collection" as collection +import "collection/maps" as maps From 1f84cbc0f8cd2a73ce35f2855c54161b17bcf595 Mon Sep 17 00:00:00 2001 From: Sonam Tenzin Date: Thu, 13 Feb 2025 12:34:48 +0530 Subject: [PATCH 3/6] resolved comment --- addlicense/testdata/expected/file4.sentinel | 92 +++++++++++++++++++++ addlicense/testdata/initial/file4.sentinel | 78 +++++++++++++++++ 2 files changed, 170 insertions(+) create mode 100644 addlicense/testdata/expected/file4.sentinel create mode 100644 addlicense/testdata/initial/file4.sentinel diff --git a/addlicense/testdata/expected/file4.sentinel b/addlicense/testdata/expected/file4.sentinel new file mode 100644 index 0000000..762d7ff --- /dev/null +++ b/addlicense/testdata/expected/file4.sentinel 
@@ -0,0 +1,92 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import "tfconfig/v2" as tfconfig +import "tfplan/v2" as tfplan +import "tfresources" as tf +import "report" as report +import "collection" as collection +import "collection/maps" as maps + +# Constants + +const = { + "resource_efs_file_system": "aws_efs_file_system", + "policy_name": "efs-encryption-at-rest-enabled", + "kms_key_id": "kms_key_id", + "constant_value": "constant_value", + "encrypted": "encrypted", + "encrypted_attr_violation_msg": "Attribute 'encrypted' should be true for 'aws_efs_file_system' resources. Refer to https://docs.aws.amazon.com/securityhub/latest/userguide/efs-controls.html#efs-1 for more details.", + "kms_key_id_attr_violation_msg": "Attribute 'kms_key_id' should be non empty for 'aws_efs_file_system' resources. 
Refer to https://docs.aws.amazon.com/securityhub/latest/userguide/efs-controls.html#efs-1 for more details.", +} + +# Functions + +build_violation_object = func(res, message) { + return { + "address": res.address, + "module_address": res.module_address, + "message": message, + } +} + +# Variables + +efs_file_systems_from_plan = tf.plan(tfplan.planned_values.resources).type(const.resource_efs_file_system).resources + +# Filter out aws_efs_file_systems that have invalid 'encrypted' attribute +non_encrypted_file_systems = collection.reject(efs_file_systems_from_plan, func(res) { + encrypted_val = maps.get(res, "values.encrypted", false) + return encrypted_val is true +}) + +non_encrypted_file_systems_violations = map non_encrypted_file_systems as _, res { + build_violation_object(res, const.encrypted_attr_violation_msg) +} + +efs_file_systems_from_configs = tf.config(tfconfig.resources).type(const.resource_efs_file_system).resources + +# Filter out aws_efs_file_systems that have empty 'kms_key_id' attribute +efs_resources_with_empty_kms_key_ids = collection.reject(efs_file_systems_from_configs, func(res) { + key_path = "config.kms_key_id" + return maps.get(res, key_path, false) is not false and + maps.get(res, key_path + "." 
+ const.constant_value, false) is not "" +}) + +efs_resources_with_empty_kms_key_ids_violations = map efs_resources_with_empty_kms_key_ids as _, res { + build_violation_object(res, const.kms_key_id_attr_violation_msg) +} + +summary = { + "policy_name": const.policy_name, + "violations": non_encrypted_file_systems_violations + efs_resources_with_empty_kms_key_ids_violations, +} + +# Outputs + +print(report.generate_policy_report(summary)) + +# Rules + +verify_non_encrypted_file_systems = rule { + non_encrypted_file_systems_violations is empty +} + +verify_kms_key_referencing_file_systems = rule { + efs_resources_with_empty_kms_key_ids_violations is empty +} + +main = rule { + verify_non_encrypted_file_systems and verify_kms_key_referencing_file_systems +} diff --git a/addlicense/testdata/initial/file4.sentinel b/addlicense/testdata/initial/file4.sentinel new file mode 100644 index 0000000..3ac85cb --- /dev/null +++ b/addlicense/testdata/initial/file4.sentinel 
@@ -0,0 +1,78 @@ +import "tfconfig/v2" as tfconfig +import "tfplan/v2" as tfplan +import "tfresources" as tf +import "report" as report +import "collection" as collection +import "collection/maps" as maps + +# Constants + +const = { + "resource_efs_file_system": "aws_efs_file_system", + "policy_name": "efs-encryption-at-rest-enabled", + "kms_key_id": "kms_key_id", + "constant_value": "constant_value", + "encrypted": "encrypted", + "encrypted_attr_violation_msg": "Attribute 'encrypted' should be true for 'aws_efs_file_system' resources. Refer to https://docs.aws.amazon.com/securityhub/latest/userguide/efs-controls.html#efs-1 for more details.", + "kms_key_id_attr_violation_msg": "Attribute 'kms_key_id' should be non empty for 'aws_efs_file_system' resources. Refer to https://docs.aws.amazon.com/securityhub/latest/userguide/efs-controls.html#efs-1 for more details.", +} + +# Functions + +build_violation_object = func(res, message) { + return { + "address": res.address, + "module_address": res.module_address, + "message": message, + } +} + +# Variables + +efs_file_systems_from_plan = tf.plan(tfplan.planned_values.resources).type(const.resource_efs_file_system).resources + +# Filter out aws_efs_file_systems that have invalid 'encrypted' attribute +non_encrypted_file_systems = collection.reject(efs_file_systems_from_plan, func(res) { + encrypted_val = maps.get(res, "values.encrypted", false) + return encrypted_val is true +}) + +non_encrypted_file_systems_violations = map non_encrypted_file_systems as _, res { + build_violation_object(res, const.encrypted_attr_violation_msg) +} + +efs_file_systems_from_configs = tf.config(tfconfig.resources).type(const.resource_efs_file_system).resources + +# Filter out aws_efs_file_systems that have empty 'kms_key_id' attribute +efs_resources_with_empty_kms_key_ids = collection.reject(efs_file_systems_from_configs, func(res) { + key_path = "config.kms_key_id" + return maps.get(res, key_path, false) is not false and + maps.get(res, 
key_path + "." + const.constant_value, false) is not "" +}) + +efs_resources_with_empty_kms_key_ids_violations = map efs_resources_with_empty_kms_key_ids as _, res { + build_violation_object(res, const.kms_key_id_attr_violation_msg) +} + +summary = { + "policy_name": const.policy_name, + "violations": non_encrypted_file_systems_violations + efs_resources_with_empty_kms_key_ids_violations, +} + +# Outputs + +print(report.generate_policy_report(summary)) + +# Rules + +verify_non_encrypted_file_systems = rule { + non_encrypted_file_systems_violations is empty +} + +verify_kms_key_referencing_file_systems = rule { + efs_resources_with_empty_kms_key_ids_violations is empty +} + +main = rule { + verify_non_encrypted_file_systems and verify_kms_key_referencing_file_systems +} From 99465c614c68fb5d4f4ea8789043dc21961c69c1 Mon Sep 17 00:00:00 2001 
From: Sonam Tenzin Date: Thu, 13 Feb 2025 15:19:20 +0530 Subject: [PATCH 4/6] resolved comments --- addlicense/main.go | 6 ++--- ...e3.sentinel => multiline-comment.sentinel} | 3 +-- ...ile1.sentinel => multiline-sharp.sentinel} | 2 +- ...ile2.sentinel => multiline-slash.sentinel} | 2 +- .../{file4.sentinel => no-policy.sentinel} | 0 .../expected/singleline-slash.sentinel | 24 +++++++++++++++++++ ...e3.sentinel => multiline-comment.sentinel} | 0 ...ile1.sentinel => multiline-sharp.sentinel} | 0 ...ile2.sentinel => multiline-slash.sentinel} | 0 .../{file4.sentinel => no-policy.sentinel} | 0 .../initial/singleline-slash.sentinel | 10 ++++++++ 11 files changed, 40 insertions(+), 7 deletions(-) rename addlicense/testdata/expected/{file3.sentinel => multiline-comment.sentinel} (99%) rename addlicense/testdata/expected/{file1.sentinel => multiline-sharp.sentinel} (100%) rename addlicense/testdata/expected/{file2.sentinel => multiline-slash.sentinel} (100%) rename addlicense/testdata/expected/{file4.sentinel => no-policy.sentinel} (100%) create mode 100644 addlicense/testdata/expected/singleline-slash.sentinel rename addlicense/testdata/initial/{file3.sentinel => multiline-comment.sentinel} (100%) rename addlicense/testdata/initial/{file1.sentinel => multiline-sharp.sentinel} (100%) rename addlicense/testdata/initial/{file2.sentinel => multiline-slash.sentinel} (100%) rename addlicense/testdata/initial/{file4.sentinel => no-policy.sentinel} (100%) create mode 100644 addlicense/testdata/initial/singleline-slash.sentinel diff --git a/addlicense/main.go b/addlicense/main.go index f1fa056..0f67a53 100644 --- a/addlicense/main.go +++ b/addlicense/main.go 
@@ -418,9 +418,9 @@ var head = []string{ // show policy text in UI in TFC. The patterns are created based on the comment format given // in https://developer.hashicorp.com/sentinel/docs/language/spec#comments var sentinelHeadPatterns = []string{ - `^#.*\n?(#.*\n?)*`, - `^//.*\n?(//.*\n?)*`, - `^/\*.*\n?(.*\n?)*\*/`, + `^#.*\n?(#.*\n?)*\n`, + `^//.*\n?(//.*\n?)*\n`, + `^/\*.*\n?(.*\n?)*\*/\n\n`, } // matches regex patterns to extract headings to skip diff --git a/addlicense/testdata/expected/file3.sentinel b/addlicense/testdata/expected/multiline-comment.sentinel similarity index 99% rename from addlicense/testdata/expected/file3.sentinel rename to addlicense/testdata/expected/multiline-comment.sentinel index 17fdbca..fe10952 100644 --- a/addlicense/testdata/expected/file3.sentinel +++ b/addlicense/testdata/expected/multiline-comment.sentinel @@ -1,5 +1,6 @@ /* This policy requires that the `require_lowercase_characters` attribute of the `aws_iam_account_password_policy` resource is according to CIS standards. */ + # Copyright 2018 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,8 +15,6 @@ resource is according to CIS standards. */ # See the License for the specific language governing permissions and # limitations under the License. - - # Imports import "tfconfig/v2" as tfconfig diff --git a/addlicense/testdata/expected/file1.sentinel b/addlicense/testdata/expected/multiline-sharp.sentinel similarity index 100% rename from addlicense/testdata/expected/file1.sentinel rename to addlicense/testdata/expected/multiline-sharp.sentinel index 579d6bb..065c962 100644 --- a/addlicense/testdata/expected/file1.sentinel +++ b/addlicense/testdata/expected/multiline-sharp.sentinel @@ -2,6 +2,7 @@ # resource is according to CIS standards. # # another text + # Copyright 2018 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); 
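Review bot: The updated patterns in `sentinelHeadPatterns` now require a newline after the header, and the block-comment one requires exactly `*/\n\n`, so a `.sentinel` file whose opening `/* ... */` is followed directly by code, or which ends at `*/`, no longer matches. `matchPattern` then returns empty and `hashBang` falls back to its line-based check, which presumably puts the license above the policy text that this series set out to keep first. Making the trailing blank lines optional, e.g. ending the patterns with `\n*` instead of `\n` / `\n\n`, keeps the header match while still consuming the separator. All the fixtures visible in this patch have a blank line after the comment; a fixture without one would pin the behaviour.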
@@ -16,7 +17,6 @@ # See the License for the specific language governing permissions and # limitations under the License. - # Imports import "tfconfig/v2" as tfconfig diff --git a/addlicense/testdata/expected/file2.sentinel b/addlicense/testdata/expected/multiline-slash.sentinel similarity index 100% rename from addlicense/testdata/expected/file2.sentinel rename to addlicense/testdata/expected/multiline-slash.sentinel index ce6bb9d..b224053 100644 --- a/addlicense/testdata/expected/file2.sentinel +++ b/addlicense/testdata/expected/multiline-slash.sentinel @@ -1,5 +1,6 @@ // This policy requires that the `require_lowercase_characters` attribute of the `aws_iam_account_password_policy` // resource is according to CIS standards. + # Copyright 2018 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,7 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. - # Imports import "tfconfig/v2" as tfconfig diff --git a/addlicense/testdata/expected/file4.sentinel b/addlicense/testdata/expected/no-policy.sentinel similarity index 100% rename from addlicense/testdata/expected/file4.sentinel rename to addlicense/testdata/expected/no-policy.sentinel diff --git a/addlicense/testdata/expected/singleline-slash.sentinel b/addlicense/testdata/expected/singleline-slash.sentinel new file mode 100644 index 0000000..f6a0789 --- /dev/null +++ b/addlicense/testdata/expected/singleline-slash.sentinel 
@@ -0,0 +1,24 @@ +// This policy requires that the `require_lowercase_characters` attribute of the `aws_iam_account_password_policy` + +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Imports + +import "tfconfig/v2" as tfconfig +import "tfplan/v2" as tfplan +import "tfresources" as tf +import "report" as report +import "collection" as collection +import "collection/maps" as maps diff --git a/addlicense/testdata/initial/file3.sentinel b/addlicense/testdata/initial/multiline-comment.sentinel similarity index 100% rename from addlicense/testdata/initial/file3.sentinel rename to addlicense/testdata/initial/multiline-comment.sentinel diff --git a/addlicense/testdata/initial/file1.sentinel b/addlicense/testdata/initial/multiline-sharp.sentinel similarity index 100% rename from addlicense/testdata/initial/file1.sentinel rename to addlicense/testdata/initial/multiline-sharp.sentinel diff --git a/addlicense/testdata/initial/file2.sentinel b/addlicense/testdata/initial/multiline-slash.sentinel similarity index 100% rename from addlicense/testdata/initial/file2.sentinel rename to addlicense/testdata/initial/multiline-slash.sentinel diff --git a/addlicense/testdata/initial/file4.sentinel b/addlicense/testdata/initial/no-policy.sentinel similarity index 100% rename from addlicense/testdata/initial/file4.sentinel rename to addlicense/testdata/initial/no-policy.sentinel 
diff --git a/addlicense/testdata/initial/singleline-slash.sentinel b/addlicense/testdata/initial/singleline-slash.sentinel new file mode 100644 index 0000000..505f9e9 --- /dev/null +++ b/addlicense/testdata/initial/singleline-slash.sentinel @@ -0,0 +1,10 @@ +// This policy requires that the `require_lowercase_characters` attribute of the `aws_iam_account_password_policy` + +# Imports + +import "tfconfig/v2" as tfconfig +import "tfplan/v2" as tfplan +import "tfresources" as tf +import "report" as report +import "collection" as collection +import "collection/maps" as maps From 3719a22c8e8534b5c53c7b5cf06129fddcd4cbc1 Mon Sep 17 00:00:00 2001 From: Sonam Tenzin Date: Thu, 20 Feb 2025 11:03:42 +0530 Subject: [PATCH 5/6] changed upload artifact version to fix build failure --- .github/workflows/golangci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci.yml b/.github/workflows/golangci.yml index d28964e..d75e9c7 100644 --- a/.github/workflows/golangci.yml +++ b/.github/workflows/golangci.yml @@ -74,7 +74,7 @@ jobs: version: latest args: release --clean --skip=publish --snapshot - - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + - uses: actions/upload-artifact@v4 # v3.1.2 with: name: copywrite path: dist/* From edf2699b44b848a3c82e4c65ea012e79f2009abe Mon Sep 17 00:00:00 2001 From: Sonam Tenzin Date: Thu, 20 Feb 2025 11:17:58 +0530 Subject: [PATCH 6/6] version removed from comment --- .github/workflows/golangci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci.yml b/.github/workflows/golangci.yml index d75e9c7..75c590f 100644 --- a/.github/workflows/golangci.yml +++ b/.github/workflows/golangci.yml @@ -74,7 +74,7 @@ jobs: version: latest args: release --clean --skip=publish --snapshot - - uses: actions/upload-artifact@v4 # v3.1.2 + - uses: actions/upload-artifact@v4 with: name: copywrite path: dist/*
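Review bot: The `uses:` line for `actions/upload-artifact` replaces a full commit SHA pin with the mutable tag `v4`, in PATCH 5/6 and again in PATCH 6/6, so the workflow runs whatever that tag points to at build time. A tag can be moved, so a retagged or compromised action would execute in this job with access to the `dist/*` build output. Keep the v4 upgrade but pin it, `- uses: actions/upload-artifact@<full-commit-sha-of-the-v4-release> # v4.x.y`, which preserves both the build fix and the supply-chain guarantee the previous line had. The job definition starts outside the hunk.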