* Support for allowed ports for GCP firewall tests
Adds support for allowed ports in GCP firewall tests
As well, switch from the term "whitelisted" to "allowed"
* Add comments about allowed_ports* config opts
* Support Markdown in documents
Uses `myst_parser` to process Markdown files in the Sphinx workflow.
Using that, included the top level `README.md` as the "Overview" in the
rendered docs.
Some tweaks were needed to have `README.md` render correctly in rendered
docs. Still renders okay via GitHub.
Add a makefile target `doc-preview` to serve the locally built docs.
Fix some links in the README file.
Co-authored-by: Sven Marnach <sven@mozilla.com>
* setup.py: require python 3.8
* setup.py: add shebang
* add frost dir with VERSION and SOURCE_URL
* add click to requirements
* add frost module and pass through cli
* make: pytest -> frost test
* make: install as python package
* run pytest from the repo root directory
so we discover frost conftest and tests
* readme: update install directions and examples
* make: add test files to awsci target
* update dockerfile to install python package
* add requirements to setup.py
* bump version to 0.4.0
* make: remove python version check
setup.py specifies supported python versions
* ci: drop travis tests against python <3.8
* ci: drop travis ripgrep install
rg removed
* update pytest and pytest plugins
* conftest: add rationale and service markers
* s/get_marker/get_closest_marker/
> #4546: Remove Node.get_marker(name) the return value was not usable for more than a existence check.
>
> Use Node.get_closest_marker(name) as a replacement.
https://docs.pytest.org/en/6.0.2/changelog.html#pytest-4-1-0-2019-01-05
* replace removed _genid with nodeid
* aws: fix typo in iam_users_with_policies_and_groups docstring
Co-authored-by: Hal Wine <132412+hwine@users.noreply.github.com>
* add get_param_id to top level helpers
* handle test idfns failing with NotSetType for offline empty param lists
fix confusing pytest parmetrize doctest errors
* Fixes for pytest upgrade and new datetime parsing
* Create a new global for our CustomConfig obj
* Fix parameterize id calls where it's getting a list
* Use timezone info in datetime related tests
* Fix formatting + use get_param_id in redshift helpers
* switch ordering on rds id func for unit tests
Co-authored-by: Hal Wine <132412+hwine@users.noreply.github.com>
Co-authored-by: AJ Bahnken <aj@ajvb.me>
Adds:
* test_firewall_opens_all_ports_to_any
* test_firewall_opens_any_ports_to_all
* test_admin_service_accounts
* test_sql_instance_private_ip_required
* Initial GCP docs in README
Improve:
* Fix error within conftest when no args are provided to pytest
* Add error message to test_sql_instance_ssl_required
Originally, a user was an "admin" if they had a policy that included the
word "admin" in it. That kinda worked sometimes, but needed to be
replaced.
Now, in the config file you can list the admin policies and groups and a
user or role will be matched against these lists.
* Initial credential creation code for GSuite
* Initial GSuite setup + test
Adds the first Gsuite test plus all config code
required to make it work.
* Test related fixes
* Cleaned up test + added GSuite docs
* cr fix: remove [] from any() in pytest_configure
* readme: document meta tests (for param fetching) file layout
* make: Add metatest target
* make: Add metatest against to doctest-coverage target
* make: rename doctest-coverage to the more accurate coverage
* Add some example_cache files
* Add example meta test
* fix flake8 errors in iam resource tests
* test iam_inline_policies
* Initial pass at test for admin roles requiring MFA
* Fixed filename and added new policies needed
* Added disclaimers/notes about potential for false positives/negatives
* initial refactor to single custom config file
* further implemented regression into actual results
* some bug fixes
* fixed doctests for severity.py and exemptions.py
* initial pass at README for config refactor
* remove whitelisted_ports global
* Added doctest to regressions.py
* Removed --aws-require-tag and --aws-whitelisted-ports CLI opts
* Expanded upon the README of the new config file.
* minor README tweaks
* Added support for dont_cache in botocoreclient.get
* Implemented test_iam_admin_user_with_access_key
* Add two new policy perms for pytest-services
* dont -> do_not
* Support doctests by doing len checks
AJ Bahnken
Hal Wine
Hal Wine
Greg Guthe
Julien Vehent
AJ Bahnken
Greg Guthe