now terrascan just hangs in a pre-commit #1593

Open
balq60 opened this issue Jul 25, 2023 · 1 comment


balq60 commented Jul 25, 2023

```yaml
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.81.0
    hooks:
      - id: terraform_providers_lock
      - id: terraform_checkov
        exclude: (^generate-code/)
        args:
          - --args=--framework=all
          - --args=--quiet
          - --args=--include-all-checkov-policies
      - id: terraform_docs
        files: ^IaC/environments/2-test|^IaC/environments/3-staging|^IaC/environments/4-prod|^IaC/modules
        exclude: (.template/.$|./examples/.|./test/.*)
        args:
          - --args=--config=.terraform-docs.yaml
          - --hook-config=--path-to-file=README.md
          - --hook-config=--add-to-existing-file=true
          - --hook-config=--create-file-if-not-exist=true
      - id: terraform_fmt
        exclude: (^generate-code/)
      # AC_AWS_0369 - I do have Flow Logs enabled. It is done dynamically, so terrascan does not see it.
      # AC_AWS_0479 - This is being done; line 91 of modules/ec2_complete/main.tf sets it. It is done dynamically, so terrascan does not see it.
      # AC_AWS_0480 - Detailed monitoring is set to true via variables. Line 52 of modules/ec2_complete/main.tf consumes and sets the variables. They are set to true.
      ### terrascan is INCORRECTLY flagging 'optional' as an Experiment. It was released in 1.3.0 of terraform.
      ### I have opened this issue - Incorrectly Flagging optional as Experimental #1580
      ### I see no way to ignore checking for experiments after hours of googling. So commenting out for now.
      - id: terrascan
        args:
          - --args=--iac-dir=IaC/environments/2-test
          - --args=--policy-type=aws
          - --args=--verbose
          - --args=--non-recursive
          - --args=--skip-rules="AC_AWS_0369,AC_AWS_0479,AC_AWS_0480"

      # aws-ec2-enable-at-rest-encryption - They are set to be encrypted. It is done dynamically, so terraform_tfsec does not see it.
      # aws-ec2-require-vpc-flow-logs-for-all-vpcs - I am setting Flow Logs. It is done dynamically, so terraform_tfsec does not see it.
      # aws-s3-enable-bucket-logging - I do have logging enabled. It is done dynamically, so terraform_tfsec does not see it.
      # aws-ec2-enforce-http-token-imds - Yes, this is set dynamically. It is done dynamically, so terraform_tfsec does not see it.

      - id: terraform_tfsec
        files: ^IaC/environments/2-test|^IaC/environments/3-staging|^IaC/environments/4-prod|^IaC/modules
        files: ^generate-code
        args:
          - >
            --args=--format json
            --no-color
            -e aws-ec2-require-vpc-flow-logs-for-all-vpcs,aws-ec2-enable-at-rest-encryption,aws-s3-enable-bucket-logging,aws-ec2-enforce-http-token-imds
```

```text
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
```

Description

Trying to run the above configuration and now terrascan just hangs and never completes.

What I Did

I let it run for 20 minutes.
Command pasted above.
(attached screenshot: terrascanjusthangs)

@jonny-wg2

Does a verbose flag show any log?
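The reply above asks for a verbose log. One way to get it, as an added example that is not part of this thread, of terrascan, or of pre-commit-terraform: run the same scan the `terrascan` hook would run, but directly and under a hard timeout, with terrascan's logging turned up. Two details worth knowing: terrascan's `--verbose` (the flag in the config above) only adds detail to reported violations in the human output, while log verbosity is the global `-l/--log-level` flag; and a scan that stops inside `timeout` exits with status 124, which separates a hang from a slow but finishing scan. The script assumes bash, GNU coreutils `timeout`, and a `terrascan` binary on PATH; the function names, the explicit `--iac-type terraform` narrowing, and the 120-second default are the example's own choices, not anything from the issue.

```bash
#!/usr/bin/env bash
# Added diagnostic helper; not part of this issue, terrascan, or pre-commit-terraform.
# Runs terrascan directly (outside pre-commit) with debug logging and a hard timeout,
# so a hang yields a log file and exit status 124 instead of blocking the commit forever.
set -u

# Build the terrascan argument list matching the hook settings in the issue.
# One argument per output line, so the exact command can be inspected without running it.
# Usage: build_terrascan_args <iac-dir> <policy-type> <comma-separated-skip-rules>
build_terrascan_args() {
    local iac_dir=$1 policy_type=$2 skip_rules=$3
    printf '%s\n' scan \
        --iac-type terraform \
        --iac-dir "$iac_dir" \
        --policy-type "$policy_type" \
        --non-recursive \
        --skip-rules "$skip_rules" \
        --log-level debug \
        --log-type console \
        --output json
}

# Map terrascan's exit status (plus timeout's 124) to a one-word verdict.
# terrascan's documented exit codes: 0 no violations or errors, 3 violations only,
# 4 errors only, 5 both. 124 comes from coreutils timeout, i.e. the scan never finished.
classify_exit() {
    case $1 in
        0)   echo clean ;;
        3)   echo violations ;;
        4|5) echo scan-errors ;;
        124) echo hang ;;
        *)   echo unexpected ;;
    esac
}

# Run terrascan under coreutils `timeout`, capturing stdout and stderr to a log file
# that can be attached to the issue. Returns terrascan's status, or 124 on timeout.
# Usage: run_terrascan_with_timeout <seconds> <logfile> <terrascan args...>
run_terrascan_with_timeout() {
    local seconds=$1 logfile=$2 rc=0
    shift 2
    timeout "$seconds" terrascan "$@" >"$logfile" 2>&1 || rc=$?
    if [ "$rc" -eq 124 ]; then
        echo "terrascan did not finish within ${seconds}s; tail of $logfile:" >&2
        tail -n 20 "$logfile" >&2
    fi
    return "$rc"
}

# Diagnose one IaC directory with the same policy type and skip list as the hook above.
# Usage: diagnose_terrascan_hang <iac-dir> [timeout-seconds]
diagnose_terrascan_hang() {
    local iac_dir=$1 seconds=${2:-120} rc=0
    local logfile="terrascan-debug-$(date +%Y%m%d%H%M%S).log"
    # Word splitting of the command substitution is safe: no argument contains whitespace.
    run_terrascan_with_timeout "$seconds" "$logfile" \
        $(build_terrascan_args "$iac_dir" aws "AC_AWS_0369,AC_AWS_0479,AC_AWS_0480") || rc=$?
    echo "verdict: $(classify_exit "$rc") (exit $rc, log: $logfile)"
    return "$rc"
}

# Only runs when invoked with a directory, e.g.: ./diagnose.sh IaC/environments/2-test 120
if [ -n "${1:-}" ]; then
    diagnose_terrascan_hang "$1" "${2:-120}"
fi
```

If the verdict is `hang`, the last lines of the debug log show which phase terrascan was in when the timer fired, which is the information the reply asks for; if it is `violations` or `clean`, the scan itself finishes and the problem lies between pre-commit and the hook rather than in terrascan.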
