Skip to content

Commit 6e40408

Browse files
authored
Merge pull request #3 from ONS-Innovation/logic_and_tests
KEH-541 | Initial Logic and Tests
2 parents 0dc3b9b + c3dae2b commit 6e40408

25 files changed

Lines changed: 3213 additions & 135 deletions

.checkov.yml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
skip-check:
2+
# IAM Resourcing using wildcards
3+
- CKV_AWS_356
4+
- CKV_AWS_111
5+
6+
# Lambda Encryption and Dead Letter Queue
7+
- CKV_AWS_173
8+
- CKV_AWS_116
9+
10+
# Cloudwatch Logs KMS Encryption and Retention
11+
- CKV_AWS_158
12+
- CKV_AWS_338
13+
14+
# These ignores are TEMPORARY. They will be resolved in the future.
15+
- CKV_AWS_108
16+
- CKV_TF_1
17+
- CKV_TF_2
18+
- CKV_AWS_115
19+
- CKV_AWS_272

.coveragerc

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
[run]
2+
omit = tests/*

.gitignore

Lines changed: 45 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -124,9 +124,7 @@ celerybeat.pid
124124
# Environments
125125
.env
126126
.venv
127-
env/
128127
venv/
129-
ENV/
130128
env.bak/
131129
venv.bak/
132130

@@ -167,4 +165,48 @@ cython_debug/
167165
megalinter-reports/
168166

169167
# DS_Store files
170-
.DS_Store
168+
.DS_Store
169+
170+
171+
# Terraform
172+
173+
# Local .terraform directories
174+
**/.terraform/*
175+
176+
# .tfstate files
177+
*.tfstate
178+
*.tfstate.*
179+
180+
# Crash log files
181+
crash.log
182+
crash.*.log
183+
184+
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
185+
# password, private keys, and other secrets. These should not be part of version
186+
# control as they are data points which are potentially sensitive and subject
187+
# to change depending on the environment.
188+
*.tfvars
189+
*.tfvars.json
190+
191+
# Ignore override files as they are usually used to override resources locally and so
192+
# are not checked in
193+
override.tf
194+
override.tf.json
195+
*_override.tf
196+
*_override.tf.json
197+
198+
# Include override files you do wish to add to version control using negated pattern
199+
# !example_override.tf
200+
201+
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
202+
# example: *tfplan*
203+
204+
# Ignore CLI configuration files
205+
.terraformrc
206+
terraform.rc
207+
208+
# Ignore the terraform/service priority calc
209+
terraform/service/highest_priority.txt
210+
211+
# Ignore terraform.lock.hcl file
212+
.terraform.lock.hcl

.mega-linter.yml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,13 @@ DISABLE_LINTERS:
2828
- REPOSITORY_TRUFFLEHOG
2929
- REPOSITORY_GIT_DIFF
3030

31+
# Disabled due to false positives
32+
- MARKDOWN_MARKDOWN_LINK_CHECK
33+
34+
# Disabled due to unneeded linting. Checkov, Kics and Trivy are sufficient.
35+
- TERRAFORM_TFLINT
36+
- TERRAFORM_TERRASCAN
37+
3138
SHOW_ELAPSED_TIME: true
3239

3340
FILEIO_REPORTER: false

.trivyignore

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
# Ignore Dockerfile user due to Lambda
2+
AVD-DS-0002
3+
4+
# Ignore KMS Encryption
5+
AVD-AWS-0017

Dockerfile

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
# Note:
2+
# Within docker, this container runs as root as no user is specified.
3+
# Due to the nature of the lambda function, this is acceptable as Lambda defines the default user
4+
# to have the least-privilege permissions rather than the root user.
5+
6+
# Therefore we can ignore the linting error for this Dockerfile
7+
# as it is not a security risk for this specific use case.
8+
9+
# Ignored in .trivyignore also.
10+
#kics-scan disable=fd54f200-402c-4333-a5a4-36ef6709af2f
11+
#checkov:skip=CKV_DOCKER_3:Lambda makes default user lowest privilege
12+
13+
FROM public.ecr.aws/lambda/python:3.12
14+
15+
# Install git using dnf (https://docs.aws.amazon.com/lambda/latest/dg/python-image.html#python-image-base)
16+
# For python 3.12, dnf replaces yum for package management
17+
RUN dnf install -y git-2.40.1 && dnf clean all
18+
19+
# Copy the poetry.lock and pyproject.toml files
20+
COPY pyproject.toml poetry.lock ${LAMBDA_TASK_ROOT}/
21+
22+
# Install the dependencies
23+
WORKDIR ${LAMBDA_TASK_ROOT}
24+
RUN pip install --no-cache-dir poetry==1.5.0 &&\
25+
poetry config virtualenvs.create false &&\
26+
poetry install --only main
27+
28+
# Copy config folder
29+
COPY config ${LAMBDA_TASK_ROOT}/config
30+
31+
# Copy function code
32+
COPY src/main.py src/logger.py ${LAMBDA_TASK_ROOT}/src/
33+
34+
HEALTHCHECK NONE
35+
36+
# Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile)
37+
CMD [ "src.main.handler" ]

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ lint: ## Run all linters (black/ruff/pylint/mypy).
2828

2929
.PHONY: test
3030
test: ## Run the tests and check coverage.
31-
poetry run pytest -n auto --cov=src --cov-report term-missing --cov-fail-under=80
31+
poetry run pytest -n auto --cov=src --cov-report term-missing --cov-fail-under=95
3232

3333
.PHONY: mypy
3434
mypy: ## Run mypy.

0 commit comments

Comments
 (0)