Refactor unit tests #569

Merged
merged 9 commits into from
Oct 14, 2024

@dms1981 dms1981 commented Oct 14, 2024

This PR is tracked upstream by #7569.

This PR does the following:

  • Removes a duplicate alias resource that does not make use of name_prefix to ensure a unique alias.
  • Creates additional outputs in the root of the module
  • Refactors the outputs in the unit-test module to be more dynamic than the old hardcoded ones
  • Updates the unit tests to query the new outputs

The unit tests are still a little declarative for my tastes, but they're functional.

@dms1981 dms1981 requested a review from a team as a code owner October 14, 2024 14:49

#### `Trivy Scan` Failed
<details><summary>Show Output</summary>

```hcl

Trivy will check the following folders:
test/unit-test


Running Trivy in test/unit-test
2024-10-14T14:50:51Z INFO [vulndb] Need to update DB
2024-10-14T14:50:51Z INFO [vulndb] Downloading vulnerability DB...
2024-10-14T14:50:51Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-14T14:50:51Z ERROR [vulndb] Failed to download artifact repo="ghcr.io/aquasecurity/trivy-db:2" err="OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-db/manifests/2: TOOMANYREQUESTS: retry-after: 592.41µs, allowed: 44000/minute\n\n"
2024-10-14T14:50:51Z FATAL Fatal error init error: DB error: failed to download vulnerability DB: OCI artifact error: failed to download vulnerability DB: failed to download artifact from any source
trivy_exitcode=1
```

</details>

#### `Checkov Scan` Failed
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
test/unit-test

*****************************

Running Checkov in test/unit-test
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 133, Failed checks: 2, Skipped checks: 0

Check: CKV2_AWS_64: "Ensure KMS key Policy is defined"
	FAILED for resource: module.bastion_linux[0].aws_kms_key.bastion_s3[0]
	File: /../../main.tf:52-62
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-2-64

		52 | resource "aws_kms_key" "bastion_s3" {
		53 |   count               = var.custom_s3_kms_arn != "" ? 0 : 1
		54 |   enable_key_rotation = true
		55 | 
		56 |   tags = merge(
		57 |     var.tags_common,
		58 |     {
		59 |       Name = "bastion_s3"
		60 |     },
		61 |   )
		62 | }

Check: CKV2_AWS_64: "Ensure KMS key Policy is defined"
	FAILED for resource: module.bastion_linux[1].aws_kms_key.bastion_s3[0]
	File: /../../main.tf:52-62
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-2-64

		52 | resource "aws_kms_key" "bastion_s3" {
		53 |   count               = var.custom_s3_kms_arn != "" ? 0 : 1
		54 |   enable_key_rotation = true
		55 | 
		56 |   tags = merge(
		57 |     var.tags_common,
		58 |     {
		59 |       Name = "bastion_s3"
		60 |     },
		61 |   )
		62 | }


checkov_exitcode=1
```

</details>

#### `CTFLint Scan` Failed
<details><summary>Show Output</summary>

```hcl

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
test/unit-test

*****************************

Running tflint in test/unit-test
Excluding the following checks: terraform_unused_declarations
1 issue(s) found:

Warning: Missing version constraint for provider "http" in `required_providers` (terraform_required_providers)

  on test/unit-test/locals.tf line 6:
   6: data "http" "environments_file" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md

tflint_exitcode=2
```

</details>

@dms1981 dms1981 closed this Oct 14, 2024
@dms1981 dms1981 reopened this Oct 14, 2024

#### `Trivy Scan` Success
<details><summary>Show Output</summary>

```hcl

Trivy will check the following folders:
test/unit-test


Running Trivy in test/unit-test
2024-10-14T14:59:45Z INFO [vulndb] Need to update DB
2024-10-14T14:59:45Z INFO [vulndb] Downloading vulnerability DB...
2024-10-14T14:59:45Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-14T14:59:47Z INFO [vulndb] Artifact successfully downloaded repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-14T14:59:47Z INFO [vuln] Vulnerability scanning is enabled
2024-10-14T14:59:47Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-14T14:59:47Z INFO [misconfig] Need to update the built-in checks
2024-10-14T14:59:47Z INFO [misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-10-14T14:59:48Z INFO [secret] Secret scanning is enabled
2024-10-14T14:59:48Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-14T14:59:48Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-14T14:59:49Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-14T14:59:49Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-10-14T14:59:49Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-14T14:59:49Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2024-10-14T14:59:49Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].dynamic.tag" value="cty.NilVal"
2024-10-14T14:59:49Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].dynamic.tag" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].data.aws_subnet.local_account" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].dynamic.tag" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].dynamic.tag" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T14:59:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T14:59:50Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2024-10-14T14:59:50Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2024-10-14T14:59:50Z INFO Number of language-specific files num=0
2024-10-14T14:59:50Z INFO Detected config files num=2
trivy_exitcode=0
```

</details>

#### `Checkov Scan` Failed
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
test/unit-test

*****************************

Running Checkov in test/unit-test
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 133, Failed checks: 2, Skipped checks: 0

Check: CKV2_AWS_64: "Ensure KMS key Policy is defined"
	FAILED for resource: module.bastion_linux[0].aws_kms_key.bastion_s3[0]
	File: /../../main.tf:52-62
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-2-64

		52 | resource "aws_kms_key" "bastion_s3" {
		53 |   count               = var.custom_s3_kms_arn != "" ? 0 : 1
		54 |   enable_key_rotation = true
		55 | 
		56 |   tags = merge(
		57 |     var.tags_common,
		58 |     {
		59 |       Name = "bastion_s3"
		60 |     },
		61 |   )
		62 | }

Check: CKV2_AWS_64: "Ensure KMS key Policy is defined"
	FAILED for resource: module.bastion_linux[1].aws_kms_key.bastion_s3[0]
	File: /../../main.tf:52-62
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-2-64

		52 | resource "aws_kms_key" "bastion_s3" {
		53 |   count               = var.custom_s3_kms_arn != "" ? 0 : 1
		54 |   enable_key_rotation = true
		55 | 
		56 |   tags = merge(
		57 |     var.tags_common,
		58 |     {
		59 |       Name = "bastion_s3"
		60 |     },
		61 |   )
		62 | }


checkov_exitcode=1
```

</details>

#### `CTFLint Scan` Failed
<details><summary>Show Output</summary>

```hcl

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
test/unit-test

*****************************

Running tflint in test/unit-test
Excluding the following checks: terraform_unused_declarations
1 issue(s) found:

Warning: Missing version constraint for provider "http" in `required_providers` (terraform_required_providers)

  on test/unit-test/locals.tf line 6:
   6: data "http" "environments_file" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md

tflint_exitcode=2
```

</details>


#### `Trivy Scan` Success
<details><summary>Show Output</summary>

```hcl

Trivy will check the following folders:
test/unit-test


Running Trivy in test/unit-test
2024-10-14T15:08:17Z INFO [vulndb] Need to update DB
2024-10-14T15:08:17Z INFO [vulndb] Downloading vulnerability DB...
2024-10-14T15:08:17Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-14T15:08:19Z INFO [vulndb] Artifact successfully downloaded repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-14T15:08:19Z INFO [vuln] Vulnerability scanning is enabled
2024-10-14T15:08:19Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-14T15:08:19Z INFO [misconfig] Need to update the built-in checks
2024-10-14T15:08:19Z INFO [misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-10-14T15:08:20Z INFO [secret] Secret scanning is enabled
2024-10-14T15:08:20Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-14T15:08:20Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-14T15:08:21Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-14T15:08:21Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].dynamic.tag" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].dynamic.tag" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].data.aws_subnet.local_account" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].dynamic.tag" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].dynamic.tag" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:08:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:08:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2024-10-14T15:08:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2024-10-14T15:08:22Z INFO Number of language-specific files num=0
2024-10-14T15:08:22Z INFO Detected config files num=2
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
test/unit-test

*****************************

Running Checkov in test/unit-test
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 133, Failed checks: 0, Skipped checks: 2


checkov_exitcode=0

CTFLint Scan Failed

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
test/unit-test

*****************************

Running tflint in test/unit-test
Excluding the following checks: terraform_unused_declarations
1 issue(s) found:

Warning: Missing version constraint for provider "http" in `required_providers` (terraform_required_providers)

  on test/unit-test/locals.tf line 6:
   6: data "http" "environments_file" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md

tflint_exitcode=2



Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
test/unit-test


Running Trivy in test/unit-test
2024-10-14T15:17:36Z INFO [vulndb] Need to update DB
2024-10-14T15:17:36Z INFO [vulndb] Downloading vulnerability DB...
2024-10-14T15:17:36Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-14T15:17:38Z INFO [vulndb] Artifact successfully downloaded repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-14T15:17:38Z INFO [vuln] Vulnerability scanning is enabled
2024-10-14T15:17:38Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-14T15:17:38Z INFO [misconfig] Need to update the built-in checks
2024-10-14T15:17:38Z INFO [misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-10-14T15:17:38Z INFO [secret] Secret scanning is enabled
2024-10-14T15:17:38Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-14T15:17:38Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-14T15:17:39Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-14T15:17:39Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].dynamic.tag" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].dynamic.tag" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].data.aws_subnet.local_account" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].dynamic.tag" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].dynamic.tag" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:17:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:17:40Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2024-10-14T15:17:40Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2024-10-14T15:17:40Z INFO Number of language-specific files num=0
2024-10-14T15:17:40Z INFO Detected config files num=2
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
test/unit-test

*****************************

Running Checkov in test/unit-test
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 133, Failed checks: 0, Skipped checks: 2


checkov_exitcode=0

CTFLint Scan Failed

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
test/unit-test

*****************************

Running tflint in test/unit-test
Excluding the following checks: terraform_unused_declarations
1 issue(s) found:

Warning: Missing version constraint for provider "http" in `required_providers` (terraform_required_providers)

  on test/unit-test/locals.tf line 6:
   6: data "http" "environments_file" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md

tflint_exitcode=2


Trivy Scan Success

Show Output

Trivy will check the following folders:
test/unit-test


Running Trivy in test/unit-test
2024-10-14T15:18:16Z INFO [vulndb] Need to update DB
2024-10-14T15:18:16Z INFO [vulndb] Downloading vulnerability DB...
2024-10-14T15:18:16Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-14T15:18:18Z INFO [vulndb] Artifact successfully downloaded repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-14T15:18:18Z INFO [vuln] Vulnerability scanning is enabled
2024-10-14T15:18:18Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-14T15:18:18Z INFO [misconfig] Need to update the built-in checks
2024-10-14T15:18:18Z INFO [misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-10-14T15:18:18Z INFO [secret] Secret scanning is enabled
2024-10-14T15:18:18Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-14T15:18:18Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-14T15:18:19Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-14T15:18:19Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-10-14T15:18:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-14T15:18:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2024-10-14T15:18:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].dynamic.tag" value="cty.NilVal"
2024-10-14T15:18:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].dynamic.tag" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].data.aws_subnet.local_account" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].dynamic.tag" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].dynamic.tag" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:18:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:18:21Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2024-10-14T15:18:21Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2024-10-14T15:18:21Z INFO Number of language-specific files num=0
2024-10-14T15:18:21Z INFO Detected config files num=2
trivy_exitcode=0

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
test/unit-test

*****************************

Running Checkov in test/unit-test
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 133, Failed checks: 0, Skipped checks: 2


checkov_exitcode=0

TFLint Scan Failed

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
test/unit-test

*****************************

Running tflint in test/unit-test
Excluding the following checks: terraform_unused_declarations
1 issue(s) found:

Warning: Missing version constraint for provider "http" in `required_providers` (terraform_required_providers)

  on test/unit-test/locals.tf line 6:
   6: data "http" "environments_file" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md

tflint_exitcode=2

Trivy Scan Success

Show Output

Trivy will check the following folders:
test/unit-test


Running Trivy in test/unit-test
2024-10-14T15:35:03Z INFO [vulndb] Need to update DB
2024-10-14T15:35:03Z INFO [vulndb] Downloading vulnerability DB...
2024-10-14T15:35:03Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-14T15:35:05Z INFO [vulndb] Artifact successfully downloaded repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-14T15:35:05Z INFO [vuln] Vulnerability scanning is enabled
2024-10-14T15:35:05Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-14T15:35:05Z INFO [misconfig] Need to update the built-in checks
2024-10-14T15:35:05Z INFO [misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [---------------------------------------------------------] 100.00% ? p/s 0s
2024-10-14T15:35:05Z INFO [secret] Secret scanning is enabled
2024-10-14T15:35:05Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-14T15:35:05Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-14T15:35:06Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-14T15:35:06Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].dynamic.tag" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].dynamic.tag" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[0].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].data.aws_subnet.local_account" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].dynamic.tag" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].dynamic.tag" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:35:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux[1].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:35:07Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2024-10-14T15:35:07Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2024-10-14T15:35:07Z INFO Number of language-specific files num=0
2024-10-14T15:35:07Z INFO Detected config files num=2
trivy_exitcode=0

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
test/unit-test

*****************************

Running Checkov in test/unit-test
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 133, Failed checks: 0, Skipped checks: 2


checkov_exitcode=0

TFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
test/unit-test

*****************************

Running tflint in test/unit-test
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[0].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[0].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[0].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].data.aws_subnet.local_account" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].dynamic.tag" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].dynamic.tag" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-14T15:35:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux[1].module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-14T15:35:07Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2024-10-14T15:35:07Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2024-10-14T15:35:07Z	INFO	Number of language-specific files	num=0
2024-10-14T15:35:07Z	INFO	Detected config files	num=2
trivy_exitcode=0

@dms1981 dms1981 merged commit 9a92439 into main Oct 14, 2024
5 checks passed
@dms1981 dms1981 deleted the feature/7569-unit-tests branch October 14, 2024 15:40