turbot / steampipe-mod-github-sherlock

Interrogate your GitHub resources with the help of the world's greatest detectives: Powerpipe + Steampipe + Sherlock.
https://hub.powerpipe.io/mods/turbot/github_sherlock
Apache License 2.0

Organization Best Practices controls should handle reason coming as <nil> for edge cases #16

Closed rajlearner17 closed 2 years ago

rajlearner17 commented 2 years ago

Describe the bug

GitHub Organization with non-matching conditions of Organization Best Practices controls fails, e.g.

Organization members should not be able to create public repositories

...................................................................................................     2 /     3 [==        ]
  | ALARM: <nil> .............................................................................................................................................................................. rajcloud
  | OK   : Turbot Development users cannot create public repositories. ........................................................................................................................ turbotio
  | OK   : Turbot HQ users cannot create public repositories. ................................................................................................................................. turbothq
  | 

Organization default repository permissions should be limited

  | OK   : <nil> .............................................................................................................................................................................. rajcloud
  | OK   : <nil> ................................................................................................................................................................................ turbot
  | OK   : Turbot Development default repository permissions are none. ........................................................................................................................ turbotio
  | OK   : <nil> .............................................................................................................................................................................. turbothq

Steampipe version (steampipe -v) Example: v0.9.1

Plugin version (steampipe plugin list) GitHub: v0.8.1

To reproduce

You can create a sample organization without all required best practice parameters and run the GitHub Sherlock mod as below:

    steampipe check github_sherlock.benchmark.org_best_practices

Expected behavior A clear and concise description of what you expected to happen.

Additional context Add any other context about the problem here.

judell commented 2 years ago

Here's one way that it happens (1) with possible workaround in (3). Not sure what Postgres is doing with that || concatenation in conjunction with an inline case statement, maybe there's a way to parenthesize that'll fix it?

For what it's worth, I prefer concat for joining more than 2 things in a readable way.

  1. Query as written, reason should be 'not set' vs null
    select
      html_url as resource,
      case
        when blog is null then 'alarm'
        else 'ok'
      end as status,
      name || ' homepage is ' || case when (blog is null) then 'not set' else blog end || '.' as reason
    from
      github_my_organization

+--------------------------------+--------+------------
| resource                       | status | reason
+--------------------------------+--------+------------
| https://github.com/JonUdell    | alarm  | <null>
+--------------------------------+--------+------------
  2. Only using the case statement for the reason: works.
    select
      html_url as resource,
      case
        when blog is null then 'alarm'
        else 'ok'
      end as status,
      case when blog is null then 'not set' else blog end as reason
    from
      github_my_organization

+--------------------------------+--------+------------
| resource                       | status | reason     
+--------------------------------+--------+------------
| https://github.com/JonUdell    | alarm  | not set        
+--------------------------------+--------+------------
  3. Alternate way of composing the reason using concat vs ||: works.
    select
      html_url as resource,
      case
        when blog is null then 'alarm'
        else 'ok'
      end as status,
      concat(
        name,
        ' homepage is ',
        case 
          when blog is null then 'not set' 
          else blog 
        end,
        '.'
      ) as reason
    from
      github_my_organization

+--------------------------------+--------+----------------------------------------------------------
| resource                       | status | reason                                                   
+--------------------------------+--------+----------------------------------------------------------
| https://github.com/JonUdell    | alarm  | Jon Udell's (inactive) GitHub org homepage is not set.   
+--------------------------------+--------+----------------------------------------------------------
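
Added example, not part of the thread and not the mod's own query: standard PostgreSQL NULL handling for a control's reason column when it is built with `||`, with `concat`, and with an explicit fallback. The `org` CTE and its rows are constructed stand-ins for `github_my_organization`, and using `login` as the fallback for a missing `name` is an assumption.

```sql
-- Constructed sample rows standing in for github_my_organization.
-- Column names follow the queries above; all values are made up.
with org (login, name, blog, html_url) as (
  values
    ('acme',    'Acme Corp',   'https://acme.example', 'https://github.com/acme'),
    ('no-blog', 'No Blog Org', null,                   'https://github.com/no-blog'),
    ('no-name', null,          null,                   'https://github.com/no-name')
)
select
  html_url as resource,
  case
    when blog is null then 'alarm'
    else 'ok'
  end as status,
  -- || yields NULL as soon as any single operand is NULL, so one
  -- unset column blanks the whole reason and the control prints <nil>.
  name || ' homepage is ' || coalesce(blog, 'not set') || '.' as reason_pipes,
  -- concat() skips NULL arguments, so the reason is never NULL, but a
  -- missing name leaves the sentence without a subject.
  concat(name, ' homepage is ', coalesce(blog, 'not set'), '.') as reason_concat,
  -- Give every nullable operand its own fallback (assumption: login is
  -- always populated) so the reason stays complete for every row.
  concat(
    coalesce(name, login),
    ' homepage is ',
    coalesce(blog, 'not set'),
    '.'
  ) as reason_safe
from
  org
order by
  login;
```

Filtering the same result on `reason_pipes is null` lists the organizations whose reason would be reported as `<nil>`.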

misraved commented 2 years ago

Fixed in https://github.com/turbot/steampipe-mod-github-sherlock/pull/18