iacsecurity / tool-compare

MIT License

terraform/aws/best-practices > tag_all_items #54

Closed rajlearner17 closed 2 years ago

rajlearner17 commented 2 years ago

Thanks for putting together a nice set of tools comparison. I have some basic doubts.

For tag_all_items, support is provided only by Indeni Cloudrail and Kics.

I hope the test case is executed against the provided main.tf file and the result is shared; please correct me.

One of the below confusions: while checking the test-cases/terraform/aws/best-practices/tag_all_items/ folder, the checkov_results.txt contains

In the case of a check, the checkov_results.txt does not indicate any pass/fail; the test cases CKV_AWS_26 & CKV_AWS_27 are totally different checks on AWS. In this context, should this be included as part of the test case folder?

Additionally, does this indicate we need to just check whether all resources provisioned in TF are associated with tags? Some of the resources do not support tags; how do we handle them in this validation?

yi2020 commented 2 years ago

The test is indeed run against the main.tf in that directory. Specifically, the expectation is that the tool will identify that the resources don't have tags (beyond the Name tag) and will highlight that as an issue. Checkov, at least when it was last tested, didn't do that.

The test case expects the issue highlighting to be only done for resources that support tags.
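As an added illustration of the expectation described above (not code from the tool-compare repository or from any of the scanners it compares), the following Python script walks a constructed main.tf, collects each resource's `tags` keys, and reports resources that carry no tag beyond `Name`, but only for resource types in a hypothetical allowlist of taggable types. The sample Terraform text, the `TAGGABLE_TYPES` set and the regex-based block parser are all assumptions made for this example; a real check would use a proper HCL parser and the provider schema to decide which types accept tags.

```python
import re

# Constructed sample main.tf for this example; not the repository's test file.
SAMPLE_TF = """
resource "aws_instance" "web" {
  ami           = "ami-12345678"
  instance_type = "t3.micro"
  tags = {
    Name = "web"
  }
}

resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
  tags = {
    Name        = "logs"
    Environment = "test"
  }
}

resource "aws_iam_role_policy_attachment" "attach" {
  role       = "example"
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}
"""

# Hypothetical allowlist of resource types that accept a tags argument.
# In practice this comes from the provider schema, not a hand-written set.
TAGGABLE_TYPES = frozenset({"aws_instance", "aws_s3_bucket", "aws_vpc", "aws_subnet"})

RESOURCE_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
TAG_KEY_RE = re.compile(r'^\s*([A-Za-z0-9_\-]+)\s*=', re.M)


def _block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in Terraform block")


def parse_resources(text):
    """Extract (type, name, tag-key set) for every resource block in text."""
    resources = []
    for m in RESOURCE_RE.finditer(text):
        body = _block_body(text, m.end() - 1)
        tag_keys = set()
        t = re.search(r'\btags\s*=\s*\{', body)
        if t:
            tag_keys = set(TAG_KEY_RE.findall(_block_body(body, t.end() - 1)))
        resources.append({"type": m.group(1), "name": m.group(2), "tags": tag_keys})
    return resources


def find_untagged(text, taggable=TAGGABLE_TYPES, ignored_keys=frozenset({"Name"})):
    """Return 'type.name' for taggable resources with no tag other than Name.

    Resource types outside the taggable allowlist are skipped, matching the
    expectation that only resources which support tags are flagged.
    """
    findings = []
    for r in parse_resources(text):
        if r["type"] not in taggable:
            continue
        if not (r["tags"] - ignored_keys):
            findings.append(f'{r["type"]}.{r["name"]}')
    return findings


if __name__ == "__main__":
    for finding in find_untagged(SAMPLE_TF):
        print(f"missing tags: {finding}")
```

Run against the constructed sample, only `aws_instance.web` is reported: the S3 bucket has an `Environment` tag beyond `Name`, and the IAM policy attachment is skipped because it is not in the taggable allowlist.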

rajlearner17 commented 2 years ago

Thanks for the info, closing this one.