Merge pull request #8 from codebytes/actions-demo

codebytes · web-flow · commit 11444475753a · 2026-02-23T11:57:14.000-05:00
updated terraform
diff --git a/.tfsec/custom_tfchecks.yaml b/.tfsec/custom_tfchecks.yaml
@@ -1,55 +1,66 @@
----
 checks:
-- code: rg-naming-pattern
-  description: Custom check to check resource group naming
-  impact: resource groups should be named consistently
-  resolution: use the pattern rg-app-env-region
-  requiredTypes:
-  - resource
-  requiredLabels:
-  - azurerm_resource_group
-  severity: HIGH
-  matchSpec:
-    name: name
-    action: regexMatches
-    value: "^rg-[a-zA-Z]+-[a-zA-Z]+-[a-zA-Z]+"
-  errorMessage: improperly named resource group
-  relatedLinks:
-  - https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming
-- code: tags-resources
-  description: Custom check to ensure the CostCenter tag is applied to Azure Resources
-  impact: By not having CostCenter we can't keep track of billing
-  resolution: Add the CostCenter tag
-  requiredTypes:
-  - resource
-  requiredLabels:
-  - azurerm_subscription
-  - azurerm_resource_group
-  - azurerm_linux_web_app
-  - azurerm_windows_web_app
-  - azurerm_storage_account
-  - azurerm_service_plan
-  - azurerm_app_service
-  severity: HIGH
-  matchSpec:
-    name: tags
-    action: contains
-    value: CostCenter
-  errorMessage: The required CostCenter tag was missing
-  relatedLinks:
-  - https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-tagging
-- code: app-service-deprecated
-  description: Custom check to warn on deprecated app service
-  impact: using deprecated app service resource instead of azurerm_linux_web_app or azurerm_windows_web_app
-  resolution: Use azurerm_linux_web_app or azurerm_windows_web_app
-  requiredTypes:
-  - resource
-  requiredLabels:
-  - azurerm_app_service
-  severity: HIGH
-  matchSpec:
-    name: azurerm_app_service
-    action: isPresent
-  errorMessage: Using a deprecated resource - azurerm_app_service
-  relatedLinks:
-  - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service
+  - {
+      code: rg-naming-pattern,
+      description: "Custom check to check resource group naming",
+      impact: "resource groups should be named consistently",
+      resolution: "use the pattern rg-app-env-region",
+      requiredTypes: [resource],
+      requiredLabels: [azurerm_resource_group],
+      severity: HIGH,
+      matchSpec:
+        {
+          action: not,
+          predicateMatchSpec:
+            [
+              {
+                name: name,
+                action: regexMatches,
+                value: "^rg-[a-zA-Z]+-[a-zA-Z]+-[a-zA-Z]+",
+              },
+            ],
+        },
+      errorMessage: "improperly named resource group",
+      relatedLinks:
+        [
+          "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming",
+        ],
+    }
+  - {
+      code: tags-resources,
+      description: "Custom check to ensure the CostCenter tag is applied to Azure Resources",
+      impact: "By not having CostCenter we can't keep track of billing",
+      resolution: "Add the CostCenter tag",
+      requiredTypes: [resource],
+      requiredLabels:
+        [
+          azurerm_subscription,
+          azurerm_resource_group,
+          azurerm_linux_web_app,
+          azurerm_windows_web_app,
+          azurerm_storage_account,
+          azurerm_service_plan,
+          azurerm_app_service,
+        ],
+      severity: HIGH,
+      matchSpec: { name: tags, action: contains, value: CostCenter },
+      errorMessage: "The required CostCenter tag was missing",
+      relatedLinks:
+        [
+          "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-tagging",
+        ],
+    }
+  - {
+      code: app-service-deprecated,
+      description: "Custom check to warn on deprecated app service",
+      impact: "using deprecated app service resource instead of azurerm_linux_web_app or azurerm_windows_web_app",
+      resolution: "Use azurerm_linux_web_app or azurerm_windows_web_app",
+      requiredTypes: [resource],
+      requiredLabels: [azurerm_app_service],
+      severity: HIGH,
+      matchSpec: { name: azurerm_app_service, action: isPresent },
+      errorMessage: "Using a deprecated resource - azurerm_app_service",
+      relatedLinks:
+        [
+          "https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service",
+        ],
+    }
diff --git a/example/prod/main.tf b/example/prod/main.tf
@@ -19,6 +19,6 @@ resource "azurerm_resource_group" "rg" {
   name     = "rg-terraformdemo-${var.environment}-${var.location}"
   location = var.location
   tags = {
-    "CostCenter" = "it"
+    "CostCenter" = "ops"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,6 @@ resource "azurerm_resource_group" "rg" {`
`19`	`19`	`name = "rg-terraformdemo-${var.environment}-${var.location}"`
`20`	`20`	`location = var.location`
`21`	`21`	`tags = {`
`22`		`- "CostCenter" = "it"`
	`22`	`+ "CostCenter" = "ops"`
`23`	`23`	`}`
`24`	`24`	`}`