fix sql, bq, storage location exemptions empty list

GoogleCloudPlatform / policy-library

A library of constraint templates and sample constraints for Constraint Framework tools

Apache License 2.0

224 stars 127 forks source link

fix sql, bq, storage location exemptions empty list #370

Closed xingao267 closed 4 years ago

xingao267 commented 4 years ago

Fixes https://github.com/forseti-security/policy-library/issues/369

xingao267 commented 4 years ago

Seems like there are test cases for exemption https://github.com/forseti-security/policy-library/tree/master/validator/test/fixtures/sql_location/constraints https://github.com/forseti-security/policy-library/tree/master/validator/test/fixtures/storage_location/constraints https://github.com/forseti-security/policy-library/tree/master/validator/test/fixtures/bq_dataset_location/constraints

morgante commented 4 years ago

None of the existing test cases test what happens when exemptions isn't specified at all. I recommend we add a test case to avoid regression.

xingao267 commented 4 years ago

@morgante I modified the allowlist_one test case to not specify the exemptions_list to prevent regression. The empty exemptions_list being specified case is still tested in the allowlist_all case.

morgante commented 4 years ago

Perfect, thanks!