Closed reidjc closed 6 years ago
This YAML:
```yaml
name: az-test
project: my_azure
resource_groups:
  - name: az-test
    location: westeurope
    security_groups:
      - name: subnet-sg
        rules:
          - name: rule1
            description: "subnet security group rule 1"
            priority: 101
            direction: Inbound
            access: Allow
            protocol: Tcp
            source_port_range: 100-4096
            destination_port_range: 100-4096
            source_address_prefix: VirtualNetwork
            destination_address_prefix: VirtualNetwork
        tags:
          environment: staging
```
is failing to match this policy:
```ruby
describe azure_security_group('subnet-sg') do
  it { should exist }
  its('inbound_rules') do
    should have_rule('source_address_prefix' => 'VirtualNetwork',
                     'source_port_range' => '100-4096',
                     'destination_address_prefix' => 'VirtualNetwork',
                     'destination_port_range' => '100-4096',
                     'priority' => 101,
                     'protocol' => 'tcp',
                     'access' => 'allow')
  end
  it { should have_tag('environment' => 'staging') }
end
```
with error:
```
✘ Azure Security Group subnet-sg
  ✔ should exist
  ✔ should have tag {"environment"=>"staging"}
  ✘ inbound_rules should have rule {"source_address_prefix" => "VirtualNetwork", "source_port_range" => "100-4096", "destination_address_prefix" => "VirtualNetwork", "destination_port_range" => "100-4096", "priority" => 101, "protocol" => "tcp", "access" => "allow"}
    expected that rule {"source_address_prefix"=>"VirtualNetwork", "source_port_range"=>"100-4096", "destination_address_prefix"=>"VirtualNetwork", "destination_port_range"=>"100-4096", "priority"=>101, "protocol"=>"tcp", "access"=>"allow"} is present
```
Case mismatch between policy and YAML for `Tcp` and `Allow` causes this error.
https://github.com/ernestio/compliance/pull/6
Fix no longer required.
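The mismatch reported in this issue, reproduced with a plain hash comparison and with a matcher that folds case only on enumeration-style fields. This is an added example, not code from the compliance project or its InSpec resource; the constant and method names, the choice of case-insensitive fields, and the assumption that the deployed rule is reported with the YAML's casing are all illustrative.

```ruby
# Assumption: only these fields are enumerations where case carries no meaning.
CASE_INSENSITIVE_FIELDS = %w[protocol access direction].freeze

# Constructed sample: the rule with the casing used in the issue's YAML.
DEPLOYED_RULES = [{
  'name' => 'rule1', 'priority' => 101, 'direction' => 'Inbound',
  'access' => 'Allow', 'protocol' => 'Tcp',
  'source_port_range' => '100-4096',
  'destination_port_range' => '100-4096',
  'source_address_prefix' => 'VirtualNetwork',
  'destination_address_prefix' => 'VirtualNetwork'
}].freeze

# The expectation written in the issue's policy (lowercase tcp / allow).
EXPECTED = {
  'source_address_prefix' => 'VirtualNetwork',
  'source_port_range' => '100-4096',
  'destination_address_prefix' => 'VirtualNetwork',
  'destination_port_range' => '100-4096',
  'priority' => 101, 'protocol' => 'tcp', 'access' => 'allow'
}.freeze

# Exact comparison: 'Tcp' != 'tcp', so the rule is reported as missing.
def strict_match?(rule, expected)
  expected.all? { |key, value| rule[key] == value }
end

# Fold case for enumeration fields only; ports, priority and prefixes
# must still match exactly so the check does not become looser than intended.
def normalized_match?(rule, expected)
  expected.all? do |key, value|
    actual = rule[key]
    if CASE_INSENSITIVE_FIELDS.include?(key) && actual.is_a?(String) && value.is_a?(String)
      actual.casecmp?(value)
    else
      actual == value
    end
  end
end

# True when any rule satisfies the expectation under the given matcher.
def rule_present?(rules, expected, matcher)
  rules.any? { |rule| send(matcher, rule, expected) }
end
```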