diff --git a/.gitignore b/.gitignore
index 27c9372..08fd76b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-terraform_v1.4.0/.terraform*
+terraform_v1.4.0/*/.terraform*
diff --git a/terraform_v1.4.0/nohup.out b/terraform_v1.4.0/nohup.out
deleted file mode 100644
index 96dff42..0000000
--- a/terraform_v1.4.0/nohup.out
+++ /dev/null
@@ -1 +0,0 @@
-Opening in existing browser session.
diff --git a/v1.4.0/CloudTrail.1.sentinel b/v1.4.0/CloudTrail.1.sentinel
index f64e762..c81720d 100644
--- a/v1.4.0/CloudTrail.1.sentinel
+++ b/v1.4.0/CloudTrail.1.sentinel
@@ -6,6 +6,8 @@
 # By default, when no event filter is provided, read and write management events are captured:
 #
 # Without an event selector specified, CloudTrail logs all read and write management events by default
 # https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_EventSelector.html
+ #As such, this policy will look for the presence of a single trail without an event selector
+
 import "tfplan/v2" as tfplan
 param actions default [
diff --git a/v1.4.0/mocks/cloudtrail-multiregion-mock-tfconfig-v2.sentinel b/v1.4.0/mocks/cloudtrail-multiregion-mock-tfconfig-v2.sentinel
index f8fd77a..bd71800 100644
--- a/v1.4.0/mocks/cloudtrail-multiregion-mock-tfconfig-v2.sentinel
+++ b/v1.4.0/mocks/cloudtrail-multiregion-mock-tfconfig-v2.sentinel
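Review bot: The new pattern `terraform_v1.4.0/*/.terraform*` only matches one directory level below `terraform_v1.4.0/` and drops the old top-level match, so a `.terraform/` directory or `.terraform.tfstate.lock.info` created directly in `terraform_v1.4.0/` is no longer ignored. `.terraform/` holds provider binaries and, for remote backends, a `terraform.tfstate` stub that can carry backend configuration, so it should stay out of version control; the stray `nohup.out` removed in the next hunk shows a working-directory artefact has already slipped in once. Keeping both patterns, or using `terraform_v1.4.0/**/.terraform*`, covers both depths.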
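Review bot: The added comment `#As such, this policy will look for the presence of a single trail without an event selector` narrows the stated intent further than the lines above it justify: a trail with no `event_selector` logs all management events by default, but a trail whose `event_selector` sets `include_management_events = true` and `read_write_type = "All"` captures the same events, and the mocks in this same commit add exactly such a trail (`aws_cloudtrail.example-with-event-selector`). Unless the policy body, which lies outside this hunk, deliberately treats an explicit selector as non-compliant, the comment should say how that case is handled, e.g. `# As such, this policy looks for at least one trail that captures all management events: either no event_selector, or one with include_management_events = true and read_write_type = "All"`. The line also differs from its neighbours in style: it is indented by a space and has no space after `#`, whereas the comments above start `# ` at column 0.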
@@ -66,11 +66,66 @@ resources = { "provisioners": [], "type": "aws_cloudtrail", }, + "aws_cloudtrail.example-with-event-selector": { + "address": "aws_cloudtrail.example-with-event-selector", + "config": { + "event_selector": [ + { + "data_resource": [ + { + "type": { + "constant_value": "AWS::S3::Object", + }, + "values": { + "references": [ + "var.s3_bucket_arn", + ], + }, + }, + ], + "include_management_events": { + "constant_value": true, + }, + "read_write_type": { + "constant_value": "All", + }, + }, + ], + "include_global_service_events": { + "constant_value": true, + }, + "is_multi_region_trail": { + "constant_value": true, + }, + "name": { + "constant_value": "example-with-event-selector", + }, + "s3_bucket_name": { + "constant_value": "stm-cloudtrail-sentinel", + }, + }, + "count": {}, + "depends_on": [], + "for_each": {}, + "mode": "managed", + "module_address": "", + "name": "example-with-event-selector", + "provider_config_key": "aws", + "provisioners": [], + "type": "aws_cloudtrail", + }, } provisioners = {} -variables = {} +variables = { + "s3_bucket_arn": { + "default": null, + "description": "The ARN of the CloudTrail bucket", + "module_address": "", + "name": "s3_bucket_arn", + }, +} outputs = {} diff --git a/v1.4.0/mocks/cloudtrail-multiregion-mock-tfplan-v2.sentinel b/v1.4.0/mocks/cloudtrail-multiregion-mock-tfplan-v2.sentinel index 8b16f01..8695e6c 100644 --- a/v1.4.0/mocks/cloudtrail-multiregion-mock-tfplan-v2.sentinel +++ b/v1.4.0/mocks/cloudtrail-multiregion-mock-tfplan-v2.sentinel 
@@ -15,26 +15,22 @@ planned_values = { "tainted": false, "type": "aws_cloudtrail", "values": { - "advanced_event_selector": [], - "arn": "arn:aws:cloudtrail:us-west-2:323533494701:trail/example", - "cloud_watch_logs_group_arn": "", - "cloud_watch_logs_role_arn": "", - "enable_log_file_validation": false, - "enable_logging": true, - "event_selector": [], - "home_region": "us-west-2", - "id": "example", + "advanced_event_selector": [], + "cloud_watch_logs_group_arn": null, + "cloud_watch_logs_role_arn": null, + "enable_log_file_validation": false, + "enable_logging": true, + "event_selector": [], "include_global_service_events": false, "insight_selector": [], "is_multi_region_trail": false, "is_organization_trail": false, - "kms_key_id": "", + "kms_key_id": null, "name": "example", "s3_bucket_name": "stm-cloudtrail-sentinel", - "s3_key_prefix": "", - "sns_topic_name": "", - "tags": {}, - "tags_all": {}, + "s3_key_prefix": null, + "sns_topic_name": null, + "tags": null, }, }, "aws_cloudtrail.example-multi-region": { 
@@ -67,63 +63,95 @@ planned_values = { "tags": null, }, }, + "aws_cloudtrail.example-with-event-selector": { + "address": "aws_cloudtrail.example-with-event-selector", + "depends_on": [], + "deposed_key": "", + "index": null, + "mode": "managed", + "module_address": "", + "name": "example-with-event-selector", + "provider_name": "registry.terraform.io/hashicorp/aws", + "tainted": false, + "type": "aws_cloudtrail", + "values": { + "advanced_event_selector": [], + "cloud_watch_logs_group_arn": null, + "cloud_watch_logs_role_arn": null, + "enable_log_file_validation": false, + "enable_logging": true, + "event_selector": [ + { + "data_resource": [ + { + "type": "AWS::S3::Object", + "values": [ + "arn:aws:s3:::s3-cloudtrail-cis/", + ], + }, + ], + "exclude_management_event_sources": null, + "include_management_events": true, + "read_write_type": "All", + }, + ], + "include_global_service_events": true, + "insight_selector": [], + "is_multi_region_trail": true, + "is_organization_trail": false, + "kms_key_id": null, + "name": "example-with-event-selector", + "s3_bucket_name": "stm-cloudtrail-sentinel", + "s3_key_prefix": null, + "sns_topic_name": null, + "tags": null, + }, + }, }, } -variables = {} +variables = { + "s3_bucket_arn": { + "name": "s3_bucket_arn", + "value": "arn:aws:s3:::s3-cloudtrail-cis", + }, +} resource_changes = { "aws_cloudtrail.example": { "address": "aws_cloudtrail.example", "change": { "actions": [ - "no-op", + "create", ], "after": { - "advanced_event_selector": [], - "arn": "arn:aws:cloudtrail:us-west-2:323533494701:trail/example", - "cloud_watch_logs_group_arn": "", - "cloud_watch_logs_role_arn": "", - "enable_log_file_validation": false, - "enable_logging": true, - "event_selector": [], - "home_region": "us-west-2", - "id": "example", + "advanced_event_selector": [], + "cloud_watch_logs_group_arn": null, + "cloud_watch_logs_role_arn": null, + "enable_log_file_validation": false, + "enable_logging": true, + "event_selector": [], 
"include_global_service_events": false, "insight_selector": [], "is_multi_region_trail": false, "is_organization_trail": false, - "kms_key_id": "", + "kms_key_id": null, "name": "example", "s3_bucket_name": "stm-cloudtrail-sentinel", - "s3_key_prefix": "", - "sns_topic_name": "", - "tags": {}, - "tags_all": {}, + "s3_key_prefix": null, + "sns_topic_name": null, + "tags": null, }, - "after_unknown": {}, - "before": { + "after_unknown": { "advanced_event_selector": [], - "arn": "arn:aws:cloudtrail:us-west-2:323533494701:trail/example", - "cloud_watch_logs_group_arn": "", - "cloud_watch_logs_role_arn": "", - "enable_log_file_validation": false, - "enable_logging": true, - "event_selector": [], - "home_region": "us-west-2", - "id": "example", - "include_global_service_events": false, - "insight_selector": [], - "is_multi_region_trail": false, - "is_organization_trail": false, - "kms_key_id": "", - "name": "example", - "s3_bucket_name": "stm-cloudtrail-sentinel", - "s3_key_prefix": "", - "sns_topic_name": "", - "tags": {}, - "tags_all": {}, + "arn": true, + "event_selector": [], + "home_region": true, + "id": true, + "insight_selector": [], + "tags_all": true, }, + "before": null, }, "deposed": "", "index": null, 
@@ -176,6 +204,73 @@ resource_changes = { "provider_name": "registry.terraform.io/hashicorp/aws", "type": "aws_cloudtrail", }, + "aws_cloudtrail.example-with-event-selector": { + "address": "aws_cloudtrail.example-with-event-selector", + "change": { + "actions": [ + "create", + ], + "after": { + "advanced_event_selector": [], + "cloud_watch_logs_group_arn": null, + "cloud_watch_logs_role_arn": null, + "enable_log_file_validation": false, + "enable_logging": true, + "event_selector": [ + { + "data_resource": [ + { + "type": "AWS::S3::Object", + "values": [ + "arn:aws:s3:::s3-cloudtrail-cis/", + ], + }, + ], + "exclude_management_event_sources": null, + "include_management_events": true, + "read_write_type": "All", + }, + ], + "include_global_service_events": true, + "insight_selector": [], + "is_multi_region_trail": true, + "is_organization_trail": false, + "kms_key_id": null, + "name": "example-with-event-selector", + "s3_bucket_name": "stm-cloudtrail-sentinel", + "s3_key_prefix": null, + "sns_topic_name": null, + "tags": null, + }, + "after_unknown": { + "advanced_event_selector": [], + "arn": true, + "event_selector": [ + { + "data_resource": [ + { + "values": [ + false, + ], + }, + ], + }, + ], + "home_region": true, + "id": true, + "insight_selector": [], + "tags_all": true, + }, + "before": null, + }, + "deposed": "", + "index": null, + "mode": "managed", + "module_address": "", + "name": "example-with-event-selector", + "provider_name": "registry.terraform.io/hashicorp/aws", + "type": "aws_cloudtrail", + }, } output_changes = {} @@ -212,7 +307,7 @@ raw = { "mode": "managed", "name": "example", "provider_config_key": "aws", - "schema_version": 0, + "schema_version": 1, "type": "aws_cloudtrail", }, { 
@@ -234,10 +329,59 @@ raw = { "mode": "managed", "name": "example-multi-region", "provider_config_key": "aws", - "schema_version": 0, + "schema_version": 1, + "type": "aws_cloudtrail", + }, + { + "address": "aws_cloudtrail.example-with-event-selector", + "expressions": { + "event_selector": [ + { + "data_resource": [ + { + "type": { + "constant_value": "AWS::S3::Object", + }, + "values": { + "references": [ + "var.s3_bucket_arn", + ], + }, + }, + ], + "include_management_events": { + "constant_value": true, + }, + "read_write_type": { + "constant_value": "All", + }, + }, + ], + "include_global_service_events": { + "constant_value": true, + }, + "is_multi_region_trail": { + "constant_value": true, + }, + "name": { + "constant_value": "example-with-event-selector", + }, + "s3_bucket_name": { + "constant_value": "stm-cloudtrail-sentinel", + }, + }, + "mode": "managed", + "name": "example-with-event-selector", + "provider_config_key": "aws", + "schema_version": 1, "type": "aws_cloudtrail", }, ], + "variables": { + "s3_bucket_arn": { + "description": "The ARN of the CloudTrail bucket", + }, + }, }, }, "format_version": "1.2", 
@@ -249,36 +393,31 @@ raw = { "mode": "managed", "name": "example", "provider_name": "registry.terraform.io/hashicorp/aws", - "schema_version": 0, + "schema_version": 1, "sensitive_values": { "advanced_event_selector": [], "event_selector": [], "insight_selector": [], - "tags": {}, "tags_all": {}, }, "type": "aws_cloudtrail", "values": { - "advanced_event_selector": [], - "arn": "arn:aws:cloudtrail:us-west-2:323533494701:trail/example", - "cloud_watch_logs_group_arn": "", - "cloud_watch_logs_role_arn": "", - "enable_log_file_validation": false, - "enable_logging": true, - "event_selector": [], - "home_region": "us-west-2", - "id": "example", + "advanced_event_selector": [], + "cloud_watch_logs_group_arn": null, + "cloud_watch_logs_role_arn": null, + "enable_log_file_validation": false, + "enable_logging": true, + "event_selector": [], "include_global_service_events": false, "insight_selector": [], "is_multi_region_trail": false, "is_organization_trail": false, - "kms_key_id": "", + "kms_key_id": null, "name": "example", "s3_bucket_name": "stm-cloudtrail-sentinel", - "s3_key_prefix": "", - "sns_topic_name": "", - "tags": {}, - "tags_all": {}, + "s3_key_prefix": null, + "sns_topic_name": null, + "tags": null, }, }, { @@ -286,7 +425,7 @@ raw = { "mode": "managed", "name": "example-multi-region", "provider_name": "registry.terraform.io/hashicorp/aws", - "schema_version": 0, + "schema_version": 1, "sensitive_values": { "advanced_event_selector": [], "event_selector": [], 
@@ -313,54 +452,63 @@ raw = { "tags": null, }, }, - ], - }, - }, - "prior_state": { - "format_version": "1.0", - "terraform_version": "1.6.3", - "values": { - "root_module": { - "resources": [ - { - "address": "aws_cloudtrail.example", - "mode": "managed", - "name": "example", - "provider_name": "registry.terraform.io/hashicorp/aws", - "schema_version": 0, - "sensitive_values": { - "advanced_event_selector": [], - "event_selector": [], - "insight_selector": [], - "tags": {}, - "tags_all": {}, - }, - "type": "aws_cloudtrail", - "values": { - "advanced_event_selector": [], - "arn": "arn:aws:cloudtrail:us-west-2:323533494701:trail/example", - "cloud_watch_logs_group_arn": "", - "cloud_watch_logs_role_arn": "", - "enable_log_file_validation": false, - "enable_logging": true, - "event_selector": [], - "home_region": "us-west-2", - "id": "example", - "include_global_service_events": false, - "insight_selector": [], - "is_multi_region_trail": false, - "is_organization_trail": false, - "kms_key_id": "", - "name": "example", - "s3_bucket_name": "stm-cloudtrail-sentinel", - "s3_key_prefix": "", - "sns_topic_name": "", - "tags": {}, - "tags_all": {}, - }, + { + "address": "aws_cloudtrail.example-with-event-selector", + "mode": "managed", + "name": "example-with-event-selector", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "sensitive_values": { + "advanced_event_selector": [], + "event_selector": [ + { + "data_resource": [ + { + "values": [ + false, + ], + }, + ], + }, + ], + "insight_selector": [], + "tags_all": {}, }, - ], - }, + "type": "aws_cloudtrail", + "values": { + "advanced_event_selector": [], + "cloud_watch_logs_group_arn": null, + "cloud_watch_logs_role_arn": null, + "enable_log_file_validation": false, + "enable_logging": true, + "event_selector": [ + { + "data_resource": [ + { + "type": "AWS::S3::Object", + "values": [ + "arn:aws:s3:::s3-cloudtrail-cis/", + ], + }, + ], + "exclude_management_event_sources": null, + 
"include_management_events": true, + "read_write_type": "All", + }, + ], + "include_global_service_events": true, + "insight_selector": [], + "is_multi_region_trail": true, + "is_organization_trail": false, + "kms_key_id": null, + "name": "example-with-event-selector", + "s3_bucket_name": "stm-cloudtrail-sentinel", + "s3_key_prefix": null, + "sns_topic_name": null, + "tags": null, + }, + }, + ], }, }, "resource_changes": [ 
@@ -368,67 +516,43 @@ raw = { "address": "aws_cloudtrail.example", "change": { "actions": [ - "no-op", + "create", ], "after": { - "advanced_event_selector": [], - "arn": "arn:aws:cloudtrail:us-west-2:323533494701:trail/example", - "cloud_watch_logs_group_arn": "", - "cloud_watch_logs_role_arn": "", - "enable_log_file_validation": false, - "enable_logging": true, - "event_selector": [], - "home_region": "us-west-2", - "id": "example", + "advanced_event_selector": [], + "cloud_watch_logs_group_arn": null, + "cloud_watch_logs_role_arn": null, + "enable_log_file_validation": false, + "enable_logging": true, + "event_selector": [], "include_global_service_events": false, "insight_selector": [], "is_multi_region_trail": false, "is_organization_trail": false, - "kms_key_id": "", + "kms_key_id": null, "name": "example", "s3_bucket_name": "stm-cloudtrail-sentinel", - "s3_key_prefix": "", - "sns_topic_name": "", - "tags": {}, - "tags_all": {}, + "s3_key_prefix": null, + "sns_topic_name": null, + "tags": null, }, "after_sensitive": { "advanced_event_selector": [], "event_selector": [], "insight_selector": [], - "tags": {}, "tags_all": {}, }, - "after_unknown": {}, - "before": { + "after_unknown": { "advanced_event_selector": [], - "arn": "arn:aws:cloudtrail:us-west-2:323533494701:trail/example", - "cloud_watch_logs_group_arn": "", - "cloud_watch_logs_role_arn": "", - "enable_log_file_validation": false, - "enable_logging": true, - "event_selector": [], - "home_region": "us-west-2", - "id": "example", - "include_global_service_events": false, - "insight_selector": [], - "is_multi_region_trail": false, - "is_organization_trail": false, - "kms_key_id": "", - "name": "example", - "s3_bucket_name": "stm-cloudtrail-sentinel", - "s3_key_prefix": "", - "sns_topic_name": "", - "tags": {}, - "tags_all": {}, - }, - "before_sensitive": { - "advanced_event_selector": [], - "event_selector": [], - "insight_selector": [], - "tags": {}, - "tags_all": {}, + "arn": true, + "event_selector": 
[], + "home_region": true, + "id": true, + "insight_selector": [], + "tags_all": true, }, + "before": null, + "before_sensitive": false, }, "mode": "managed", "name": "example", @@ -482,6 +606,92 @@ raw = { "provider_name": "registry.terraform.io/hashicorp/aws", "type": "aws_cloudtrail", }, + { + "address": "aws_cloudtrail.example-with-event-selector", + "change": { + "actions": [ + "create", + ], + "after": { + "advanced_event_selector": [], + "cloud_watch_logs_group_arn": null, + "cloud_watch_logs_role_arn": null, + "enable_log_file_validation": false, + "enable_logging": true, + "event_selector": [ + { + "data_resource": [ + { + "type": "AWS::S3::Object", + "values": [ + "arn:aws:s3:::s3-cloudtrail-cis/", + ], + }, + ], + "exclude_management_event_sources": null, + "include_management_events": true, + "read_write_type": "All", + }, + ], + "include_global_service_events": true, + "insight_selector": [], + "is_multi_region_trail": true, + "is_organization_trail": false, + "kms_key_id": null, + "name": "example-with-event-selector", + "s3_bucket_name": "stm-cloudtrail-sentinel", + "s3_key_prefix": null, + "sns_topic_name": null, + "tags": null, + }, + "after_sensitive": { + "advanced_event_selector": [], + "event_selector": [ + { + "data_resource": [ + { + "values": [ + false, + ], + }, + ], + }, + ], + "insight_selector": [], + "tags_all": {}, + }, + "after_unknown": { + "advanced_event_selector": [], + "arn": true, + "event_selector": [ + { + "data_resource": [ + { + "values": [ + false, + ], + }, + ], + }, + ], + "home_region": true, + "id": true, + "insight_selector": [], + "tags_all": true, + }, + "before": null, + "before_sensitive": false, + }, + "mode": "managed", + "name": "example-with-event-selector", + "provider_name": "registry.terraform.io/hashicorp/aws", + "type": "aws_cloudtrail", + }, ], "terraform_version": "1.6.3", + "variables": { + "s3_bucket_arn": { + "value": "arn:aws:s3:::s3-cloudtrail-cis", + }, + }, } 
diff --git a/v1.4.0/mocks/cloudtrail-multiregion-mock-tfstate-v2.sentinel b/v1.4.0/mocks/cloudtrail-multiregion-mock-tfstate-v2.sentinel index b6e9613..028a453 100644 --- a/v1.4.0/mocks/cloudtrail-multiregion-mock-tfstate-v2.sentinel +++ b/v1.4.0/mocks/cloudtrail-multiregion-mock-tfstate-v2.sentinel @@ -1,40 +1,5 @@ -terraform_version = "1.6.3" +terraform_version = undefined outputs = {} -resources = { - "aws_cloudtrail.example": { - "address": "aws_cloudtrail.example", - "depends_on": [], - "deposed_key": "", - "index": null, - "mode": "managed", - "module_address": "", - "name": "example", - "provider_name": "registry.terraform.io/hashicorp/aws", - "tainted": false, - "type": "aws_cloudtrail", - "values": { - "advanced_event_selector": [], - "arn": "arn:aws:cloudtrail:us-west-2:323533494701:trail/example", - "cloud_watch_logs_group_arn": "", - "cloud_watch_logs_role_arn": "", - "enable_log_file_validation": false, - "enable_logging": true, - "event_selector": [], - "home_region": "us-west-2", - "id": "example", - "include_global_service_events": false, - "insight_selector": [], - "is_multi_region_trail": false, - "is_organization_trail": false, - "kms_key_id": "", - "name": "example", - "s3_bucket_name": "stm-cloudtrail-sentinel", - "s3_key_prefix": "", - "sns_topic_name": "", - "tags": {}, - "tags_all": {}, - }, - }, -} +resources = {} diff --git a/v1.4.0/mocks/mock-tfrun.sentinel b/v1.4.0/mocks/mock-tfrun.sentinel new file mode 100644 index 0000000..18c7f1f --- /dev/null +++ b/v1.4.0/mocks/mock-tfrun.sentinel 
@@ -0,0 +1,54 @@ +id = "run-yQNb2wTQM8wgMZog" +created_at = "2023-11-15T23:32:29.814Z" +created_by = "seanmeininger" +message = "Triggered via CLI" +commit_sha = undefined +speculative = false +is_destroy = false +refresh = true +refresh_only = false +replace_addrs = null +target_addrs = null +project = { + "id": "prj-reb8RoikfSwzy97u", + "name": "Default Project", +} + +variables = { + "AWS_ACCESS_KEY_ID": { + "category": "env", + "sensitive": false, + }, + "AWS_SECRET_ACCESS_KEY": { + "category": "env", + "sensitive": true, + }, + "AWS_SESSION_EXPIRATION": { + "category": "env", + "sensitive": false, + }, + "AWS_SESSION_TOKEN": { + "category": "env", + "sensitive": true, + }, + "s3_bucket_arn": { + "category": "terraform", + "sensitive": false, + }, +} + +organization = { + "name": "sean-env", +} + +workspace = { + "auto_apply": false, + "created_at": "2023-11-06T23:57:08.689Z", + "description": "Work description:\nhttps://docs.google.com/document/d/1FSVcz_-AV2KnP6VOwmZleJsTH5ZbYudo8iO6s0qHkAw/edit", + "execution_mode": "default", + "id": "ws-SiAU345Ch3vMXGXA", + "name": "cis-sentinel-resources", + "tags": [], + "vcs_repo": null, + "working_directory": "", +}
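Review bot: The new `mock-tfrun.sentinel` is committed unscrubbed: `created_by`, the run, workspace and project ids, the organization name and a workspace `description` that embeds a Google Docs link are real Terraform Cloud metadata that a policy test does not need. The `variables` entries carry only `category` and `sensitive` and no values, so no credential is exposed by this file, but the document link and the account-specific identifiers are still worth replacing with placeholders (for example `created_by = "<redacted>"` and a neutral `description`) before the fixture is shared or the repository is made public.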